From ncoghlan at gmail.com Tue Sep 1 06:15:53 2015 From: ncoghlan at gmail.com (Nick Coghlan) Date: Tue, 1 Sep 2015 14:15:53 +1000 Subject: [Distutils] Reviving PEP 470 - Removing External Hosting support on PyPI In-Reply-To: References: <55DEED02.5080109@egenix.com> <55DF7A5D.8090804@egenix.com> <55E413F0.6010002@egenix.com> <36A1712F-417D-42FA-AADD-0C52EE103DCB@wiggy.net> <55E41FFF.3010407@egenix.com> Message-ID: On 1 September 2015 at 05:53, Donald Stufft wrote: > The top packages look a bit different than it did 10 months ago, surprisingly > to me PIL has severely dropped off from where it had ~63k 10 months ago and it > now has 5.5k, however pygame has risen from 2.6k 10 months ago to ~32k. I can provide plausible explanations for both of those: * Pillow adoption progressively displacing PIL usage * Pygame Zero lowering barriers to entry for PyGame usage in education Cheers, Nick. P.S. If folks haven't seen PyGame Zero, it's a pretty neat concept: https://pygame-zero.readthedocs.org/en/latest/ -- Nick Coghlan | ncoghlan at gmail.com | Brisbane, Australia From donald at stufft.io Tue Sep 1 08:12:34 2015 From: donald at stufft.io (Donald Stufft) Date: Tue, 1 Sep 2015 02:12:34 -0400 Subject: [Distutils] Reviving PEP 470 - Removing External Hosting support on PyPI In-Reply-To: References: <55DEED02.5080109@egenix.com> <55DF7A5D.8090804@egenix.com> <55E413F0.6010002@egenix.com> <36A1712F-417D-42FA-AADD-0C52EE103DCB@wiggy.net> <55E41FFF.3010407@egenix.com> Message-ID: On September 1, 2015 at 12:15:56 AM, Nick Coghlan (ncoghlan at gmail.com) wrote: > On 1 September 2015 at 05:53, Donald Stufft wrote: > > The top packages look a bit different than it did 10 months ago, surprisingly > > to me PIL has severely dropped off from where it had ~63k 10 months ago and it > > now has 5.5k, however pygame has risen from 2.6k 10 months ago to ~32k. > > I can provide plausible explanations for both of those: > > * Pillow adoption progressively displacing PIL usage > * Pygame Zero lowering barriers to entry for PyGame usage in education > > Seems reasonable, Pygame doesn?t seem to have had a release since 2009. This is a common theme amongst most of the projects still using external hosting, they were added at a time that PyPI either didn?t have file uploading or it?s file uploading was unreliable and it made more sense to host externally. I think that also explains why almost none of them switched away from the unverifiable method to the verifiable method and why the amount of traffic per project drops sharply after the first handful, because it?s largely older projects that may or may not even actually work anymore. In the case of Pygame, I see that the pygame zero instructions say to install from?https://bitbucket.org/pygame/pygame. I don?t know of that?s an official pygame repository or if someone forked it or what, but if that?s owned by the same people, maybe we can get them to make a release to PyPI. ----------------- Donald Stufft PGP: 0x6E3CBCE93372DCFA // 7C6B 7C5D 5E2B 6356 A926 F04F 6E3C BCE9 3372 DCFA From njs at pobox.com Tue Sep 1 08:26:58 2015 From: njs at pobox.com (Nathaniel Smith) Date: Mon, 31 Aug 2015 23:26:58 -0700 Subject: [Distutils] Reviving PEP 470 - Removing External Hosting support on PyPI In-Reply-To: References: <55DEED02.5080109@egenix.com> <55DF7A5D.8090804@egenix.com> <55E413F0.6010002@egenix.com> <36A1712F-417D-42FA-AADD-0C52EE103DCB@wiggy.net> <55E41FFF.3010407@egenix.com> Message-ID: On Mon, Aug 31, 2015 at 11:12 PM, Donald Stufft wrote: > On September 1, 2015 at 12:15:56 AM, Nick Coghlan (ncoghlan at gmail.com) wrote: >> On 1 September 2015 at 05:53, Donald Stufft wrote: >> > The top packages look a bit different than it did 10 months ago, surprisingly >> > to me PIL has severely dropped off from where it had ~63k 10 months ago and it >> > now has 5.5k, however pygame has risen from 2.6k 10 months ago to ~32k. >> >> I can provide plausible explanations for both of those: >> >> * Pillow adoption progressively displacing PIL usage >> * Pygame Zero lowering barriers to entry for PyGame usage in education >> >> > > Seems reasonable, Pygame doesn?t seem to have had a release since 2009. This is a common theme amongst most of the projects still using external hosting, they were added at a time that PyPI either didn?t have file uploading or it?s file uploading was unreliable and it made more sense to host externally. I think that also explains why almost none of them switched away from the unverifiable method to the verifiable method and why the amount of traffic per project drops sharply after the first handful, because it?s largely older projects that may or may not even actually work anymore. > > In the case of Pygame, I see that the pygame zero instructions say to install from https://bitbucket.org/pygame/pygame. I don?t know of that?s an official pygame repository or if someone forked it or what, but if that?s owned by the same people, maybe we can get them to make a release to PyPI. Looking at the download url that PyPI points to: http://www.pygame.org/download.shtml then I get the impression that this page was designed to be read by humans only, and if pip/easy_install ever do anything useful with it then it's by pure luck only. The whole page is about how you should go about choosing and obtaining the correct platform-specific binary package. (Also, what does it meant that https://pypi.python.org/pypi/Pygame is 404?) -n -- Nathaniel J. Smith -- http://vorpus.org From donald at stufft.io Tue Sep 1 08:28:41 2015 From: donald at stufft.io (Donald Stufft) Date: Tue, 1 Sep 2015 02:28:41 -0400 Subject: [Distutils] Reviving PEP 470 - Removing External Hosting support on PyPI In-Reply-To: References: <55DEED02.5080109@egenix.com> <55DF7A5D.8090804@egenix.com> <55E413F0.6010002@egenix.com> <36A1712F-417D-42FA-AADD-0C52EE103DCB@wiggy.net> <55E41FFF.3010407@egenix.com> Message-ID: On September 1, 2015 at 2:27:03 AM, Nathaniel Smith (njs at pobox.com) wrote: > > (Also, what does it meant that https://pypi.python.org/pypi/Pygame is 404?) > It means they?ve hidden all of their releases on PyPI. This is a UI only thing, it still shows up on /simple/pygame/, but it?s plausible they thought it would hide their releases from pip too, they wouldn?t be the first that thought that. ----------------- Donald Stufft PGP: 0x6E3CBCE93372DCFA // 7C6B 7C5D 5E2B 6356 A926 F04F 6E3C BCE9 3372 DCFA From p.f.moore at gmail.com Tue Sep 1 09:55:24 2015 From: p.f.moore at gmail.com (Paul Moore) Date: Tue, 1 Sep 2015 08:55:24 +0100 Subject: [Distutils] Reviving PEP 470 - Removing External Hosting support on PyPI In-Reply-To: References: <55DEED02.5080109@egenix.com> <55DF7A5D.8090804@egenix.com> <55E413F0.6010002@egenix.com> <36A1712F-417D-42FA-AADD-0C52EE103DCB@wiggy.net> <55E41FFF.3010407@egenix.com> Message-ID: On 1 September 2015 at 07:26, Nathaniel Smith wrote: > Looking at the download url that PyPI points to: > > http://www.pygame.org/download.shtml > > then I get the impression that this page was designed to be read by > humans only, and if pip/easy_install ever do anything useful with it > then it's by pure luck only. The whole page is about how you should go > about choosing and obtaining the correct platform-specific binary > package. There are a number of pygame issues open about packaging: https://bitbucket.org/pygame/pygame/issues/59/pygame-has-no-pypi-page-and-cant-be is a general "get the pypi page working" one, https://bitbucket.org/pygame/pygame/issues/222/wheel-format-for-pip-and-pypi for providing wheels, https://bitbucket.org/pygame/pygame/issues/223/new-version-scheme-to-match-pep-0440 for PEP 440 versioning, https://bitbucket.org/pygame/pygame/issues/224/fix-usage-of-raw_input-in-setuppy fix interactive prompting from setup.py, and I've just added one asking them to host on PyPI: https://bitbucket.org/pygame/pygame/issues/276/host-release-files-on-pypi They seem to be discussing the various packaging issues, so with luck they will put something in place for the next release, whenever that occurs. Paul From wes.turner at gmail.com Tue Sep 1 11:27:59 2015 From: wes.turner at gmail.com (Wes Turner) Date: Tue, 1 Sep 2015 04:27:59 -0500 Subject: [Distutils] Reviving PEP 470 - Removing External Hosting support on PyPI In-Reply-To: References: <55DEED02.5080109@egenix.com> <55DF7A5D.8090804@egenix.com> <55E413F0.6010002@egenix.com> <36A1712F-417D-42FA-AADD-0C52EE103DCB@wiggy.net> <55E41FFF.3010407@egenix.com> Message-ID: "~0.4% of the total traffic for that particular day." Thanks. So, to clarify, It will not be possible to host releases from external links to GitHub [1], But it will be possible to host /simple/ packages index with e.g. gh-pages and compoze [2]? [1] https://developer.github.com/v3/repos/releases/#upload-a-release-asset [2] http://docs.repoze.org/compoze/narr.html#consolidating-package-indexes On Aug 31, 2015 2:53 PM, "Donald Stufft" wrote: > On August 31, 2015 at 10:31:35 AM, Donald Stufft (donald at stufft.io) wrote: > > > I can redo them now again. > > So, I went ahead and ran all of the numbers using the data from 2015-08-18 > (chosen because when I looked at the last couple weeks of log files, it > was the > largest log file). I think the difference in just ~10 months supports the > idea > that use of this feature is declining and the model in the PEP will be a > cleaner and easier to understand model. > > On this day, there were 20,398,771 total requests to /simple// which > resulted in either a 200 or a 304 response code, out of these ~20 million > requests 80,622 went to projects which do not have any files hosted on > PyPI but > do have files hosted off of PyPI. This represents ~0.4% of the total > traffic > for that particular day. > > The top packages look a bit different than it did 10 months ago, > surprisingly > to me PIL has severely dropped off from where it had ~63k 10 months ago > and it > now has 5.5k, however pygame has risen from 2.6k 10 months ago to ~32k. The > total number of requests has doubled between now and 10 months ago and it > appears that numbers of the top packages have more or less done the same, > with > the exception of the very top package which has been cut in half. Similar > to 10 > months ago we see the numbers rapidly drop by orders of magnitude. > > Overall, the top 10 in this list togther represented 70,691 requests 10 > months > ago, and now they represent 41,703. That's roughly 60% of what they were 10 > months ago while the total number of requests increased by 100%, so it's > really > more like 30% of what they were previously when adjusted for the traffic > increase. > > ============================== ======== > Project Requests > ============================== ======== > Pygame 32238 > PIL 5548 > mysql-connector-python 5152 > RBTools 3723 > python-apt 3028 > meliae 1679 > elementtree 1576 > which 457 > salesforce-python-toolkit 454 > pywbem 400 > wxPython 359 > pyDes 301 > PyXML 300 > robotframework-seleniumlibrary 282 > basemap 255 > > Is any of this information useful for the PEP? I removed it because I > though it > was too much, but I'm happy to add it back in if it'd be useful. > > ----------------- > Donald Stufft > PGP: 0x6E3CBCE93372DCFA // 7C6B 7C5D 5E2B 6356 A926 F04F 6E3C BCE9 3372 > DCFA > > > _______________________________________________ > Distutils-SIG maillist - Distutils-SIG at python.org > https://mail.python.org/mailman/listinfo/distutils-sig > -------------- next part -------------- An HTML attachment was scrubbed... URL: From dholth at gmail.com Tue Sep 1 15:57:14 2015 From: dholth at gmail.com (Daniel Holth) Date: Tue, 01 Sep 2015 13:57:14 +0000 Subject: [Distutils] Working toward Linux wheel support In-Reply-To: References: Message-ID: Looks amazing, why don't we merge it. On Thu, Aug 27, 2015 at 3:24 PM Nate Coraor wrote: > On Tue, Aug 25, 2015 at 1:54 PM, Nate Coraor wrote: > >> I've started down this road of Linux platform detection, here's the work >> so far: >> >> https://bitbucket.org/natefoo/wheel/src/tip/wheel/platform/linux.py >> >> I'm collecting distribution details here: >> >> https://gist.github.com/natefoo/814c5bf936922dad97ff >> >> One thing to note, although it's not used, I'm attempting to label a >> particular ABI as stable or unstable, so for example, Debian testing is >> unstable, whereas full releases are stable. Arch and Gentoo are always >> unstable, Ubuntu is always stable, etc. Hopefully this would be useful in >> making a decision about what wheels to allow into PyPI. >> >> --nate >> >> > Hi all, > > Platform detection and binary-compatibility.cfg support is now available > in my branch of pip[1]. I've also built a large number of psycopg2 wheels > for testing[2]. Here's what happens when you try to install one of them on > CentOS 7 using my pip: > > # pip install --index https://wheels.galaxyproject.org/ --no-cache-dir > psycopg2 > Collecting psycopg2 > Could not find a version that satisfies the requirement psycopg2 (from > versions: ) > No matching distribution found for psycopg2 > > Then create /etc/python/binary-compatibility.cfg: > > # cat /etc/python/binary-compatibility.cfg > { > "linux_x86_64_centos_7": { > "install": ["linux_x86_64_rhel_6"] > } > } > > # pip install --index https://wheels.galaxyproject.org/ --no-cache-dir > psycopg2 > Collecting psycopg2 > Downloading > https://wheels.galaxyproject.org/packages/psycopg2-2.6.1-cp27-cp27mu-linux_x86_64_rhel_6.whl > (307kB) > 100% |################################| 307kB 75.7MB/s > Installing collected packages: psycopg2 > Successfully installed psycopg2-2.6.1 > > Of course, I have not attempted to solve the external dependency problem: > > # python -c 'import psycopg2; print psycopg2' > Traceback (most recent call last): > File "", line 1, in > File "/usr/lib/python2.7/site-packages/psycopg2/__init__.py", line 50, > in > from psycopg2._psycopg import BINARY, NUMBER, STRING, DATETIME, ROWID > ImportError: libpq.so.5: cannot open shared object file: No such file or > directory > > But after installing postgresql-libs, everything works as expected: > > # python -c 'import psycopg2; print psycopg2' > '/usr/lib/python2.7/site-packages/psycopg2/__init__.pyc'> > > This is an improvement over the current situation of an sdist in PyPI, > however, since only one non-default package (postgresql-libs) needs to be > installed as opposed to postgresql-devel and the build tools (gcc, make, > etc.). In addition, a user installing psycopg2 is likely to already have > postgresql-libs installed. > > I'd really appreciate if this work could be given a look, and some > discussion could take place on where to go from here. > > Thanks, > --nate > > > [1]: https://github.com/natefoo/pip/tree/linux-wheels > [2]: https://wheels.galaxyproject.org/simple/psycopg2 > _______________________________________________ > Distutils-SIG maillist - Distutils-SIG at python.org > https://mail.python.org/mailman/listinfo/distutils-sig > -------------- next part -------------- An HTML attachment was scrubbed... URL: From tim at tim-smith.us Tue Sep 1 22:34:03 2015 From: tim at tim-smith.us (Tim Smith) Date: Tue, 1 Sep 2015 13:34:03 -0700 Subject: [Distutils] Building Python extension modules on OS X without distutils Message-ID: I wrote a post about a problem Homebrew sees pretty often on OS X where projects link extension modules with -lpython (either explicitly or because they trust python-config --ldflags). If you see somebody doing this, please point them to this post and invite them to use -undefined dynamic_lookup instead, so that the Python symbols are resolved at import time. http://blog.tim-smith.us/2015/09/python-extension-modules-os-x/ Cheers, Tim From p.f.moore at gmail.com Wed Sep 2 20:54:11 2015 From: p.f.moore at gmail.com (Paul Moore) Date: Wed, 2 Sep 2015 19:54:11 +0100 Subject: [Distutils] Accepting PEP 470 - Removing External Hosting support on PyPI Message-ID: There has been no further feedback on PEP 470, and Donald has incorporated all the feedback, so I'm happy to announce that I am approving it. The PEP is available in the usual place at https://www.python.org/dev/peps/pep-0470/. Thanks to all who participated in the various threads on the subject, and to Donald for writing the PEP and updating it to reflect all of the extensive feedback. Cheers, Paul From donald at stufft.io Wed Sep 2 21:07:29 2015 From: donald at stufft.io (Donald Stufft) Date: Wed, 2 Sep 2015 15:07:29 -0400 Subject: [Distutils] Accepting PEP 470 - Removing External Hosting support on PyPI In-Reply-To: References: Message-ID: On September 2, 2015 at 2:54:13 PM, Paul Moore (p.f.moore at gmail.com) wrote: > There has been no further feedback on PEP 470, and Donald has > incorporated all the feedback, so I'm happy to announce that I am > approving it. > > The PEP is available in the usual place at > https://www.python.org/dev/peps/pep-0470/. > > Thanks to all who participated in the various threads on the subject, > and to Donald for writing the PEP and updating it to reflect all of > the extensive feedback. > > Cheers, > Paul >? Thank you Paul for being the BDFL-Delegate and thank you everyone for participating! I'm happy to have this finally done. Just so everyone knows what to expect, my plan is to implement all of the deprecation parts while PyPI legacy is still running and then use the final cut over to Warehouse as the final step to actually remove it. This also means that Warehouse will be a minimum of 3 months away in order to adhere to the timeline requirements in this PEP. I'll see about getting the immediate requirements done ASAP. ----------------- Donald Stufft PGP: 0x6E3CBCE93372DCFA // 7C6B 7C5D 5E2B 6356 A926 F04F 6E3C BCE9 3372 DCFA From donald at stufft.io Thu Sep 3 01:45:06 2015 From: donald at stufft.io (Donald Stufft) Date: Wed, 2 Sep 2015 19:45:06 -0400 Subject: [Distutils] Working toward Linux wheel support In-Reply-To: References: Message-ID: On September 1, 2015 at 9:57:50 AM, Daniel Holth (dholth at gmail.com) wrote: > Looks amazing, why don't we merge it. > I think we need to update the PEP or write a new PEP before we add new tags to the implementation. ----------------- Donald Stufft PGP: 0x6E3CBCE93372DCFA // 7C6B 7C5D 5E2B 6356 A926 F04F 6E3C BCE9 3372 DCFA From dholth at gmail.com Thu Sep 3 14:15:40 2015 From: dholth at gmail.com (Daniel Holth) Date: Thu, 03 Sep 2015 12:15:40 +0000 Subject: [Distutils] Working toward Linux wheel support In-Reply-To: References: Message-ID: We could at least merge the implementation of the SOABI tag for Python 2.7 (cp27m, cp27mu, ...), which has been in the PEP from the beginning but was never implemented for Python 2. This lets you distinguish between wheels built for CPython with debug, pymalloc, unicode builds. For pypy which does not have SOABI, the current 'none' should suffice. On Wed, Sep 2, 2015 at 7:45 PM Donald Stufft wrote: > On September 1, 2015 at 9:57:50 AM, Daniel Holth (dholth at gmail.com) wrote: > > Looks amazing, why don't we merge it. > > > > I think we need to update the PEP or write a new PEP before we add new > tags to the implementation. > > ----------------- > Donald Stufft > PGP: 0x6E3CBCE93372DCFA // 7C6B 7C5D 5E2B 6356 A926 F04F 6E3C BCE9 3372 > DCFA > > > -------------- next part -------------- An HTML attachment was scrubbed... URL: From donald at stufft.io Thu Sep 3 14:16:46 2015 From: donald at stufft.io (Donald Stufft) Date: Thu, 3 Sep 2015 08:16:46 -0400 Subject: [Distutils] Working toward Linux wheel support In-Reply-To: References: Message-ID: On September 3, 2015 at 8:15:53 AM, Daniel Holth (dholth at gmail.com) wrote: > We could at least merge the implementation of the SOABI tag for Python 2.7 > (cp27m, cp27mu, ...), which has been in the PEP from the beginning but was > never implemented for Python 2. This lets you distinguish between wheels > built for CPython with debug, pymalloc, unicode builds. > > For pypy which does not have SOABI, the current 'none' should suffice. > Merging the SOABI tag sounds like a win to me. ----------------- Donald Stufft PGP: 0x6E3CBCE93372DCFA // 7C6B 7C5D 5E2B 6356 A926 F04F 6E3C BCE9 3372 DCFA From nate at bx.psu.edu Thu Sep 3 15:52:51 2015 From: nate at bx.psu.edu (Nate Coraor) Date: Thu, 3 Sep 2015 09:52:51 -0400 Subject: [Distutils] Working toward Linux wheel support In-Reply-To: References: Message-ID: On Thu, Sep 3, 2015 at 8:16 AM, Donald Stufft wrote: > On September 3, 2015 at 8:15:53 AM, Daniel Holth (dholth at gmail.com) wrote: > > We could at least merge the implementation of the SOABI tag for Python > 2.7 > > (cp27m, cp27mu, ...), which has been in the PEP from the beginning but > was > > never implemented for Python 2. This lets you distinguish between wheels > > built for CPython with debug, pymalloc, unicode builds. > > > > For pypy which does not have SOABI, the current 'none' should suffice. > The ABI tag code as written will actually set it for PyPy (e.g. 'pp222mu') since the SOABI config var is unset on it (and probably any other non-Python-3 implementation). This was intentional since PyPy does actually build some C Extensions, but I can limit SOABI detection to CPython if it doesn't make sense to do it on PyPy. However, I see now it will also be set for Jython, which it definitely should not do, so I'll fix that regardless. > > > > Merging the SOABI tag sounds like a win to me. > I'll create PRs for this against wheel and pip shortly. I can also work on a PEP for the platform tag - I don't think it's going to need to be a big one. Are there any preferences as to whether this should be a new PEP or an update to 425? > > ----------------- > Donald Stufft > PGP: 0x6E3CBCE93372DCFA // 7C6B 7C5D 5E2B 6356 A926 F04F 6E3C BCE9 3372 > DCFA > > > -------------- next part -------------- An HTML attachment was scrubbed... URL: From dholth at gmail.com Thu Sep 3 15:56:15 2015 From: dholth at gmail.com (Daniel Holth) Date: Thu, 03 Sep 2015 13:56:15 +0000 Subject: [Distutils] Working toward Linux wheel support In-Reply-To: References: Message-ID: IIRC there's also a bug where we use pypy's version "2.6.2" and not the version of Python it implements "2.7" for the first tag. On Thu, Sep 3, 2015 at 9:53 AM Nate Coraor wrote: > On Thu, Sep 3, 2015 at 8:16 AM, Donald Stufft wrote: > >> On September 3, 2015 at 8:15:53 AM, Daniel Holth (dholth at gmail.com) >> wrote: >> > We could at least merge the implementation of the SOABI tag for Python >> 2.7 >> > (cp27m, cp27mu, ...), which has been in the PEP from the beginning but >> was >> > never implemented for Python 2. This lets you distinguish between wheels >> > built for CPython with debug, pymalloc, unicode builds. >> > >> > For pypy which does not have SOABI, the current 'none' should suffice. >> > > The ABI tag code as written will actually set it for PyPy (e.g. 'pp222mu') > since the SOABI config var is unset on it (and probably any other > non-Python-3 implementation). This was intentional since PyPy does actually > build some C Extensions, but I can limit SOABI detection to CPython if it > doesn't make sense to do it on PyPy. > > However, I see now it will also be set for Jython, which it definitely > should not do, so I'll fix that regardless. > > >> > >> >> Merging the SOABI tag sounds like a win to me. >> > > I'll create PRs for this against wheel and pip shortly. I can also work on > a PEP for the platform tag - I don't think it's going to need to be a big > one. Are there any preferences as to whether this should be a new PEP or an > update to 425? > > >> >> ----------------- >> Donald Stufft >> PGP: 0x6E3CBCE93372DCFA // 7C6B 7C5D 5E2B 6356 A926 F04F 6E3C BCE9 3372 >> DCFA >> >> >> -------------- next part -------------- An HTML attachment was scrubbed... URL: From nate at bx.psu.edu Thu Sep 3 16:04:10 2015 From: nate at bx.psu.edu (Nate Coraor) Date: Thu, 3 Sep 2015 10:04:10 -0400 Subject: [Distutils] Working toward Linux wheel support In-Reply-To: References: Message-ID: On Thu, Sep 3, 2015 at 9:56 AM, Daniel Holth wrote: > IIRC there's also a bug where we use pypy's version "2.6.2" and not the > version of Python it implements "2.7" for the first tag. > It's the other way around: https://github.com/pypa/pip/issues/2882 My changes set the Python tag to the version of PyPy. > On Thu, Sep 3, 2015 at 9:53 AM Nate Coraor wrote: > >> On Thu, Sep 3, 2015 at 8:16 AM, Donald Stufft wrote: >> >>> On September 3, 2015 at 8:15:53 AM, Daniel Holth (dholth at gmail.com) >>> wrote: >>> > We could at least merge the implementation of the SOABI tag for Python >>> 2.7 >>> > (cp27m, cp27mu, ...), which has been in the PEP from the beginning but >>> was >>> > never implemented for Python 2. This lets you distinguish between >>> wheels >>> > built for CPython with debug, pymalloc, unicode builds. >>> > >>> > For pypy which does not have SOABI, the current 'none' should suffice. >>> >> >> The ABI tag code as written will actually set it for PyPy (e.g. >> 'pp222mu') since the SOABI config var is unset on it (and probably any >> other non-Python-3 implementation). This was intentional since PyPy does >> actually build some C Extensions, but I can limit SOABI detection to >> CPython if it doesn't make sense to do it on PyPy. >> >> However, I see now it will also be set for Jython, which it definitely >> should not do, so I'll fix that regardless. >> > >> >>> > >>> >>> Merging the SOABI tag sounds like a win to me. >>> >> >> I'll create PRs for this against wheel and pip shortly. I can also work >> on a PEP for the platform tag - I don't think it's going to need to be a >> big one. Are there any preferences as to whether this should be a new PEP >> or an update to 425? >> >> >>> >>> ----------------- >>> Donald Stufft >>> PGP: 0x6E3CBCE93372DCFA // 7C6B 7C5D 5E2B 6356 A926 F04F 6E3C BCE9 3372 >>> DCFA >>> >>> >>> -------------- next part -------------- An HTML attachment was scrubbed... URL: From nate at bx.psu.edu Thu Sep 3 19:22:40 2015 From: nate at bx.psu.edu (Nate Coraor) Date: Thu, 3 Sep 2015 13:22:40 -0400 Subject: [Distutils] Working toward Linux wheel support In-Reply-To: References: Message-ID: On Thu, Sep 3, 2015 at 10:04 AM, Nate Coraor wrote: > On Thu, Sep 3, 2015 at 9:56 AM, Daniel Holth wrote: > >> IIRC there's also a bug where we use pypy's version "2.6.2" and not the >> version of Python it implements "2.7" for the first tag. >> > > It's the other way around: > > https://github.com/pypa/pip/issues/2882 > > My changes set the Python tag to the version of PyPy. > > >> On Thu, Sep 3, 2015 at 9:53 AM Nate Coraor wrote: >> >>> On Thu, Sep 3, 2015 at 8:16 AM, Donald Stufft wrote: >>> >>>> On September 3, 2015 at 8:15:53 AM, Daniel Holth (dholth at gmail.com) >>>> wrote: >>>> > We could at least merge the implementation of the SOABI tag for >>>> Python 2.7 >>>> > (cp27m, cp27mu, ...), which has been in the PEP from the beginning >>>> but was >>>> > never implemented for Python 2. This lets you distinguish between >>>> wheels >>>> > built for CPython with debug, pymalloc, unicode builds. >>>> > >>>> > For pypy which does not have SOABI, the current 'none' should suffice. >>>> >>> >>> The ABI tag code as written will actually set it for PyPy (e.g. >>> 'pp222mu') since the SOABI config var is unset on it (and probably any >>> other non-Python-3 implementation). This was intentional since PyPy does >>> actually build some C Extensions, but I can limit SOABI detection to >>> CPython if it doesn't make sense to do it on PyPy. >>> >>> However, I see now it will also be set for Jython, which it definitely >>> should not do, so I'll fix that regardless. >>> >> >>> >>>> > >>>> >>>> Merging the SOABI tag sounds like a win to me. >>>> >>> >>> I'll create PRs for this against wheel and pip shortly. I can also work >>> on a PEP for the platform tag - I don't think it's going to need to be a >>> big one. Are there any preferences as to whether this should be a new PEP >>> or an update to 425? >>> >> Here are the PRs for SOABI support and PyPy version tag correction: https://bitbucket.org/pypa/wheel/pull-requests/55/soabi-support-for-python-2x-and-pypy/diff https://github.com/pypa/pip/pull/3075 --nate >>> >>>> >>>> ----------------- >>>> Donald Stufft >>>> PGP: 0x6E3CBCE93372DCFA // 7C6B 7C5D 5E2B 6356 A926 F04F 6E3C BCE9 3372 >>>> DCFA >>>> >>>> >>>> > -------------- next part -------------- An HTML attachment was scrubbed... URL: From qwcode at gmail.com Fri Sep 4 05:33:14 2015 From: qwcode at gmail.com (Marcus Smith) Date: Thu, 3 Sep 2015 20:33:14 -0700 Subject: [Distutils] mention Copr/EPEL/IUS in pip install instructions? Message-ID: Hello: I'm looking for opinions on mentioning Copr and/or EPEL and/or IUS in the pip install instructions. Here's the PR with the actual docs changes: https://github.com/pypa/pip/pull/3067 The goal is to give people a linux distro-friendly way (at least for fedora/centos/rhel) to upgrade pip (in distro-managed pythons) to a newer version, i.e. something more friendly than "get-pip.py" I started the thread in the pypa-dev list. thought I might get broader feedback over here. feedback in the PR is appreciated. thanks Marcus -------------- next part -------------- An HTML attachment was scrubbed... URL: From qwcode at gmail.com Fri Sep 4 07:02:35 2015 From: qwcode at gmail.com (Marcus Smith) Date: Thu, 3 Sep 2015 22:02:35 -0700 Subject: [Distutils] ensurepip in linux distros Message-ID: Can anyone summarize the state of ensurepip for the major linux distros. Do any currently include a version that leaves ensurepip intact? If not, will any? Moreover, would any ever also bootstrap pip for you? I'm not asking out of interest in wanting it, more to understand for the sake of editing pip and PyPUG docs. thanks, Marcus -------------- next part -------------- An HTML attachment was scrubbed... URL: From robertc at robertcollins.net Fri Sep 4 12:07:35 2015 From: robertc at robertcollins.net (Robert Collins) Date: Fri, 4 Sep 2015 22:07:35 +1200 Subject: [Distutils] mention Copr/EPEL/IUS in pip install instructions? In-Reply-To: References: Message-ID: Replied on the review. On 4 September 2015 at 15:33, Marcus Smith wrote: > Hello: > > I'm looking for opinions on mentioning Copr and/or EPEL and/or IUS in the > pip install instructions. > > Here's the PR with the actual docs changes: > https://github.com/pypa/pip/pull/3067 > > The goal is to give people a linux distro-friendly way (at least for > fedora/centos/rhel) to upgrade pip (in distro-managed pythons) to a newer > version, i.e. something more friendly than "get-pip.py" > > I started the thread in the pypa-dev list. thought I might get broader > feedback over here. > > feedback in the PR is appreciated. > > thanks > Marcus > > > _______________________________________________ > Distutils-SIG maillist - Distutils-SIG at python.org > https://mail.python.org/mailman/listinfo/distutils-sig > -- Robert Collins Distinguished Technologist HP Converged Cloud From aclark at aclark.net Sat Sep 5 00:59:46 2015 From: aclark at aclark.net (Alex Clark) Date: Fri, 4 Sep 2015 18:59:46 -0400 Subject: [Distutils] Reviving PEP 470 - Removing External Hosting support on PyPI In-Reply-To: References: <55DF7A5D.8090804@egenix.com> <55E413F0.6010002@egenix.com> <36A1712F-417D-42FA-AADD-0C52EE103DCB@wiggy.net> <55E41FFF.3010407@egenix.com> Message-ID: On 9/1/15 12:15 AM, Nick Coghlan wrote: > On 1 September 2015 at 05:53, Donald Stufft wrote: >> The top packages look a bit different than it did 10 months ago, surprisingly >> to me PIL has severely dropped off from where it had ~63k 10 months ago and it >> now has 5.5k, however pygame has risen from 2.6k 10 months ago to ~32k. > > I can provide plausible explanations for both of those: > > * Pillow adoption progressively displacing PIL usage Wow that's amazing, thanks for those numbers Donald \o/. To correlate (apropos of nothing) it looks like Pillow's PyPI numbers are slightly up over the past year (Pillow is released quarterly): $ vanity -q pillow==2.7.0 Pillow 2.7.0 has been downloaded 934,119 times! $ vanity -q pillow=={2.8.0,2.8.1,2.8.2} Pillow 2.8.0 has been downloaded 41,433 times! Pillow 2.8.1 has been downloaded 788,788 times! Pillow 2.8.2 has been downloaded 500,565 times! Pillow, Pillow and Pillow have been downloaded 1,330,786 times! $ vanity -q pillow==2.9.0 Pillow 2.9.0 has been downloaded 1,083,447 times! > * Pygame Zero lowering barriers to entry for PyGame usage in education > > Cheers, > Nick. > > P.S. If folks haven't seen PyGame Zero, it's a pretty neat concept: > https://pygame-zero.readthedocs.org/en/latest/ > From donald at stufft.io Sat Sep 5 03:17:18 2015 From: donald at stufft.io (Donald Stufft) Date: Fri, 4 Sep 2015 21:17:18 -0400 Subject: [Distutils] PEP 503 - Simple Repository API Message-ID: Now that PEP 470 is accepted, I don't forsee any more changes to the API that installers are expected to use when talking to PyPI. Given that there are multiple implementations of PyPI and multiple clients talking to PyPI I wanted to document the API that any implementation (PyPI included) is expected to adhere too. I've gone ahead and made myself the BDFL-Delegate for this PEP since this is just documenting the current (once PEP 470 is fully implemented) behavior and it isn't adding, changing, or removing anything. I did want to post it here for others to see so that people can check my work but unless someone points something out or objects to it I plan to accept this PEP in a week. You can see this PEP online at https://www.python.org/dev/peps/pep-0503/ or I have reproduced it inline below. ----------------------------------------------- Abstract ======== There are many implementations of a Python package repository and many tools that consume them. Of these, the cannonical implementation that defines what the "simple" repository API looks like is the implementation that powers PyPI. This document will specify that API, documenting what the correct behavior for any implementation of the simple repository API. Specification ============= A repository that implements the simple API is defined by its base url, this is the top level URL that all additional URLS are below. The API is named the "simple" repository due to fact that PyPI's base URL is ``https://pypi.python.org/simple/``. .. note:: All subsequent URLs in this document will be relative to this base ? ? ? ? ? URL (so given PyPI's URL, an URL of ``/foo/`` would be ? ? ? ? ? ``https://pypi.python.org/simple/foo/``). Within a repository, the root URL (``/``) **MUST** be a valid HTML5 page with a single anchor element per project in the repository. The text of the anchor tag **MUST** be the normalized name of the project and the href attribute **MUST** link to the URL for that particular project. As an example:: ? ? ? ? ? ? ? ? ? ? ?frob ? ? ? ?spamspamspam ? ? ? ? ? Below the root URL is another URL for each individual project contained within a repository. The format of this URL is ``//`` where the ```` is replaced by the normalized name for that project, so a project named "HolyGrail" would have an URL like ``/holygrail/``. This URL must response with a valid HTML5 page with a single anchor element per file for the project. The text of the anchor tag **MUST** be the filename of the file and the href attribute **MUST** be an URL that links to the location of the file for download. The URL **SHOULD** include a hash in the form of an URL fragment with the following syntax: ``#=``, where ```` is the lowercase name of the hash function (such as ``sha256``) and ```` is the hex encoded digest. In addition to the above, the following constraints are placed on the API: * All URLs **MUST** end with a ``/`` and the repository **SHOULD** redirect the ? URLs without a ``/`` to add a ``/`` to the end. * There is no constraints on where the files must be hosted relative to the ? repository. * There may be any other HTML elements on the API pages as long as the required ? anchor elements exist. * Repositories **MAY** redirect unnormalized URLs to the cannonical normalized ? URL (e.g. ``/Foobar/`` may redirect to ``/foobar/``), however clients ? **MUST NOT** rely on this redirection and **MUST** request the normalized ? URL. * Repositories **SHOULD** choose a hash function from one of the ones ? guarenteed to be available via the ``hashlib`` module in the Python standard ? library (currently ``md5``, ``sha1``, ``sha224``, ``sha256``, ``sha384``, ? ``sha512``). The current recommendation is to use ``sha256``. Normalized Names ---------------- This PEP references the concept of a "normalized" project name. As per PEP 426 the only valid characters in a name are the ASCII alphabet, ASCII numbers, ``.``, ``-``, and ``_``. The name should be lowercased with all runs of the characters ``.``, ``-``, or ``_`` replaced with a single ``-`` character. This can be implemented in Python with the ``re`` module:: ? ?import re ? ?def normalize(name): ? ? ? ?return re.sub(r"[-_.]+", "-", name).lower() ----------------- Donald Stufft PGP: 0x6E3CBCE93372DCFA // 7C6B 7C5D 5E2B 6356 A926 F04F 6E3C BCE9 3372 DCFA From donald at stufft.io Sat Sep 5 03:19:08 2015 From: donald at stufft.io (Donald Stufft) Date: Fri, 4 Sep 2015 21:19:08 -0400 Subject: [Distutils] PEP 503 - Simple Repository API In-Reply-To: References: Message-ID: On September 4, 2015 at 9:17:19 PM, Donald Stufft (donald at stufft.io) wrote: > > Now that PEP 470 is accepted, I don't forsee any more changes > to the API that > installers are expected to use when talking to PyPI. Given that > there are > multiple implementations of PyPI and multiple clients talking > to PyPI I wanted > to document the API that any implementation (PyPI included) > is expected to > adhere too. Oh, and I plan to reference this PEP in the documentation that PEP 470 requires to exist prior to sending out any emails. ----------------- Donald Stufft PGP: 0x6E3CBCE93372DCFA // 7C6B 7C5D 5E2B 6356 A926 F04F 6E3C BCE9 3372 DCFA From ncoghlan at gmail.com Sat Sep 5 04:12:05 2015 From: ncoghlan at gmail.com (Nick Coghlan) Date: Sat, 5 Sep 2015 12:12:05 +1000 Subject: [Distutils] Working toward Linux wheel support In-Reply-To: References: Message-ID: On 3 September 2015 at 09:45, Donald Stufft wrote: > On September 1, 2015 at 9:57:50 AM, Daniel Holth (dholth at gmail.com) wrote: >> Looks amazing, why don't we merge it. >> > > I think we need to update the PEP or write a new PEP before we add new tags to the implementation. Right, we're mainly talking about replacing/updating the compatibility tags in PEP 425. The most expedient way to formalise consensus on that would be to just write a replacement PEP and have it take precedence over 425 even for current generation wheel files. More generally, this an area where I don't think the PEP process is actually working well for us - I think we'd be better off separating the "produced artifact" (i.e. versioned interoperability specifications) from the change management process for those specifications (i.e. the PEP process). That's the way CPython works, after all - the released artifacts are the reference interpreter, the language reference, and the standard library reference, while the PEP process is a way of negotiating major changes to those. PyPI is similar - pypi.python.org and its APIs are the released artifact, the PEPs negotiate changes. It's only the interoperability specs where we currently follow the RFC model of having the same document describe both the end result *and* the rationale for changes from the previous version, and I mostly find it to be a pain. Regards, Nick. -- Nick Coghlan | ncoghlan at gmail.com | Brisbane, Australia From donald at stufft.io Sat Sep 5 04:14:52 2015 From: donald at stufft.io (Donald Stufft) Date: Fri, 4 Sep 2015 22:14:52 -0400 Subject: [Distutils] Working toward Linux wheel support In-Reply-To: References: Message-ID: On September 4, 2015 at 10:12:08 PM, Nick Coghlan (ncoghlan at gmail.com) wrote: > On 3 September 2015 at 09:45, Donald Stufft wrote: > > On September 1, 2015 at 9:57:50 AM, Daniel Holth (dholth at gmail.com) wrote: > >> Looks amazing, why don't we merge it. > >> > > > > I think we need to update the PEP or write a new PEP before we add new tags to the implementation. > > Right, we're mainly talking about replacing/updating the compatibility > tags in PEP 425. The most expedient way to formalise consensus on that > would be to just write a replacement PEP and have it take precedence > over 425 even for current generation wheel files. > > More generally, this an area where I don't think the PEP process is > actually working well for us - I think we'd be better off separating > the "produced artifact" (i.e. versioned interoperability > specifications) from the change management process for those > specifications (i.e. the PEP process). That's the way CPython works, > after all - the released artifacts are the reference interpreter, the > language reference, and the standard library reference, while the PEP > process is a way of negotiating major changes to those. PyPI is > similar - pypi.python.org and its APIs are the released artifact, the > PEPs negotiate changes. > > It's only the interoperability specs where we currently follow the RFC > model of having the same document describe both the end result *and* > the rationale for changes from the previous version, and I mostly find > it to be a pain. > I'm not sure that I follow what you?re saying here, can you describe what your ideal situation would look like? ----------------- Donald Stufft PGP: 0x6E3CBCE93372DCFA // 7C6B 7C5D 5E2B 6356 A926 F04F 6E3C BCE9 3372 DCFA From ncoghlan at gmail.com Sat Sep 5 04:34:53 2015 From: ncoghlan at gmail.com (Nick Coghlan) Date: Sat, 5 Sep 2015 12:34:53 +1000 Subject: [Distutils] ensurepip in linux distros In-Reply-To: References: Message-ID: On 4 September 2015 at 15:02, Marcus Smith wrote: > Can anyone summarize the state of ensurepip for the major linux distros. > > Do any currently include a version that leaves ensurepip intact? > If not, will any? Moreover, would any ever also bootstrap pip for you? python in Fedora depends on python-pip, and then bundles the system version back up with rewheel for installation into Python virtual environments. With RPM gaining weak dependency support, that dependency will potentially shift from a Requires to a Recommends, but that will still mean pip and ensurepip work by default. For Python 3.x on RHEL/CentOS, the EPEL Python 3.x stacks work the same way Fedora does (currently python34 only, but there'll be a python35 stack after the Fedora 23 beta is out the door and folks start working on upgrading Fedora Rawhide to Python 3.5 - with the work still needed to finish the "Python 3 as system Python" migration, we unfortunately weren't able to pursue a Python 3.5 migration at the same time) The Python 2.7 and Python 3.x Software Collections also provide pip by default. For system wide installations of Python 2.x, RHEL/CentOS require that python-pip be installed manually from EPEL, and that's unlikely to change (we'd prefer folks switch to using a more easily updated Software Collection runtime instead of running directly in the system Python). Cheers, Nick. -- Nick Coghlan | ncoghlan at gmail.com | Brisbane, Australia From ncoghlan at gmail.com Sat Sep 5 04:56:35 2015 From: ncoghlan at gmail.com (Nick Coghlan) Date: Sat, 5 Sep 2015 12:56:35 +1000 Subject: [Distutils] Working toward Linux wheel support In-Reply-To: References: Message-ID: On 5 September 2015 at 12:14, Donald Stufft wrote: > On September 4, 2015 at 10:12:08 PM, Nick Coghlan (ncoghlan at gmail.com) wrote: >> It's only the interoperability specs where we currently follow the RFC >> model of having the same document describe both the end result *and* >> the rationale for changes from the previous version, and I mostly find >> it to be a pain. >> > > I'm not sure that I follow what you?re saying here, can you describe what your > ideal situation would look like? 1. We add a new section to packaging.python.org for "Specifications". The specification sections of approved PEPs (compatibility tags, wheel format, version specifiers, dist-info directories) get added there. API specifications for index servers may also be added there. 2. Interoperability PEPs become proposals for new packaging.python.org specifications or changes to existing specifications, rather than specifications in their own right. 3. Each specification has a "version history" section at the bottom, which links to the PEPs that drove each update. This way, the PEPs can focus on transition plans, backwards compatibility constraints, and the rationale for particular changes, etc, but folks wanting "just the current spec, thanks" can look at the latest version on packaging.python.org without worrying about the history. It also means that the specs themselves (whether additions or updates) can be prepared as packaging.python.org PRs. Cheers, Nick. -- Nick Coghlan | ncoghlan at gmail.com | Brisbane, Australia From donald at stufft.io Sat Sep 5 05:06:02 2015 From: donald at stufft.io (Donald Stufft) Date: Fri, 4 Sep 2015 23:06:02 -0400 Subject: [Distutils] Working toward Linux wheel support In-Reply-To: References: Message-ID: On September 4, 2015 at 10:56:38 PM, Nick Coghlan (ncoghlan at gmail.com) wrote: > On 5 September 2015 at 12:14, Donald Stufft wrote: > > On September 4, 2015 at 10:12:08 PM, Nick Coghlan (ncoghlan at gmail.com) wrote: > >> It's only the interoperability specs where we currently follow the RFC > >> model of having the same document describe both the end result *and* > >> the rationale for changes from the previous version, and I mostly find > >> it to be a pain. > >> > > > > I'm not sure that I follow what you?re saying here, can you describe what your > > ideal situation would look like? > > 1. We add a new section to packaging.python.org for "Specifications". > The specification sections of approved PEPs (compatibility tags, wheel > format, version specifiers, dist-info directories) get added there. > API specifications for index servers may also be added there. > > 2. Interoperability PEPs become proposals for new packaging.python.org > specifications or changes to existing specifications, rather than > specifications in their own right. > > 3. Each specification has a "version history" section at the bottom, > which links to the PEPs that drove each update. > > This way, the PEPs can focus on transition plans, backwards > compatibility constraints, and the rationale for particular changes, > etc, but folks wanting "just the current spec, thanks" can look at the > latest version on packaging.python.org without worrying about the > history. > > It also means that the specs themselves (whether additions or updates) > can be prepared as packaging.python.org PRs. > Personally I don't have much of a problem with the specs living as PEPs, I think a bigger problem is that we're producing specs that have end user impact without anything designed for end users to go along with them. PEP 440 is a wonderful example of this, the spec of PEP 440 goes into lots of edge cases and describes the reasons why particular decisions were made and all of that jazz. I think all of that data is useful when you're implementing PEP 440 because it helps inform how someone interprets the spec in situations where it may be ambiguous. What I don't think is useful is having no answer to someone who asks "What's a valid version for a Python package" except "here go read this massive document which covers tons of edge cases which you don't really need to care about unless you're pip/PyPI/setuptools etc". I guess for me then, the ideal situation would be to keep using PEPs for the actual specification/RFC like documentation, but when that has end user impact then a requirement is that it comes with a PR to packaging.python.org that gives us end user documentation for the spec, before the spec can be accepted (or finalized or whatever the right terminology is). I mean, I don't have a specific problem with the specs living somewhere else as well, I just don't think moving a lengthy document full of edge cases from one location to another is going to make things better unless we start producing end user focused documentation, and in many cases it may make it worse since understanding a spec fully often requires understanding why certain decisions were made. ----------------- Donald Stufft PGP: 0x6E3CBCE93372DCFA // 7C6B 7C5D 5E2B 6356 A926 F04F 6E3C BCE9 3372 DCFA From ncoghlan at gmail.com Sat Sep 5 05:09:26 2015 From: ncoghlan at gmail.com (Nick Coghlan) Date: Sat, 5 Sep 2015 13:09:26 +1000 Subject: [Distutils] PEP 503 - Simple Repository API In-Reply-To: References: Message-ID: On 5 September 2015 at 11:17, Donald Stufft wrote: > Now that PEP 470 is accepted, I don't forsee any more changes to the API that > installers are expected to use when talking to PyPI. Given that there are > multiple implementations of PyPI and multiple clients talking to PyPI I wanted > to document the API that any implementation (PyPI included) is expected to > adhere too. > > I've gone ahead and made myself the BDFL-Delegate for this PEP since this is > just documenting the current (once PEP 470 is fully implemented) behavior and > it isn't adding, changing, or removing anything. I did want to post it here for > others to see so that people can check my work but unless someone points > something out or objects to it I plan to accept this PEP in a week. +1, that sounds good to me. I'll also post something about BDFL-Delegates for distutils-sig PEPs, so we can try to be consistent about things :) Cheers, Nick. -- Nick Coghlan | ncoghlan at gmail.com | Brisbane, Australia From ncoghlan at gmail.com Sat Sep 5 05:41:55 2015 From: ncoghlan at gmail.com (Nick Coghlan) Date: Sat, 5 Sep 2015 13:41:55 +1000 Subject: [Distutils] BDFL Delegates for distutils-sig PEPs Message-ID: We've got to a point where the original standing delegations to myself and Richard Jones to act as BDFL-Delegates for metadata interoperability and pypi.python.org related aren't scaling adequately, so given Paul's recent delegation for PEP 470, and Donald handling PEP 503 directly, it seems like an opportune time to put something in writing about that. For PyPA/distutils-sig specific PEPs, we've effectively adopted the following approach to assigning BDFL-Delegates in resolving PEPs 470 and 503: ================================= Whenever a new PEP is put forward on distutils-sig, any PyPA core reviewer that believes they are suitably experienced to make the final decision on that PEP may offer to serve as the BDFL's delegate (or "PEP czar") for that PEP. If their self-nomination is accepted by the other PyPA core reviewer, the lead PyPI maintainer and the lead CPython representative on distutils-sig, then they will have the authority to approve (or reject) that PEP. ================================= And translating the nominated roles to the folks currently filling them: "lead PyPI maintainer" = Donald Stufft; "lead CPython representative on distutils-sig" = me. "PyPA core reviewer" isn't a term we've previously used, but I'm aiming to capture "has approval rights for pull requests to one or more of the PyPA maintained source code or documentation repos". Some further details for the benefit of folks not aware of the relevant history: * a couple of years ago, we amended PEP 1 to give the "Discussions-To" header some additional force for PEPs which don't directly affect CPython: """PEP review and resolution may also occur on a list other than python-dev (for example, distutils-sig for packaging related PEPs that don't immediately affect the standard library). In this case, the "Discussions-To" heading in the PEP will identify the appropriate alternative list where discussion, review and pronouncement on the PEP will occur.""" * we *didn't* update the section about assignment of BDFL-Delegates. Instead, I received a general delegation for packaging metadata interoperability PEPs, and Richard Jones received one for pypi.python.org related PEPs * Richard subsequently passed the latter delegation on to Donald, since Donald had taken over as the lead maintainer for PyPI The section in PEP 1 for CPython BDFL-Delegates reads as follows: ================================= However, whenever a new PEP is put forward, any core developer that believes they are suitably experienced to make the final decision on that PEP may offer to serve as the BDFL's delegate (or "PEP czar") for that PEP. If their self-nomination is accepted by the other core developers and the BDFL, then they will have the authority to approve (or reject) that PEP. ================================= This process can be appropriately described as "volunteering to be blamed" - if a PEP from a less experienced contributor subsequently proves to be a mistake, that's on the BDFL-Delegate for saying "Yes", not on the PEP author for proposing it. Mostly though, it's so there's someone to have the final say on the fiddly little details that go into getting from a general concept to an actual implementation, without getting mired down in design-by-committee on every incidental detail. As PEP authors, we'll also often ask someone else specifically to volunteer as BDFL-Delegate, because we trust their judgement in relation to the topic at hand (e.g. I asked Martin von L?wis to be BDFL-Delegate for the original ensurepip PEP because I knew he was skeptical of the idea, so a design that passed muster with him was likely to have suitably addressed the ongoing maintainability concerns. Guido did something similar when he asked Mark Shannon to be BDFL-Delegate for PEP 484's gradual typing). Regards, Nick. P.S. It's becoming clear to me that I should probably write a companion PEP to PEP 1 that specifically describes distutils-sig's usage of the PEP process (and how that differs from the normal CPython processes), but hopefully this post provides sufficient clarification for now. -- Nick Coghlan | ncoghlan at gmail.com | Brisbane, Australia From qwcode at gmail.com Sat Sep 5 06:24:57 2015 From: qwcode at gmail.com (Marcus Smith) Date: Fri, 4 Sep 2015 21:24:57 -0700 Subject: [Distutils] Working toward Linux wheel support In-Reply-To: References: Message-ID: > I don't have a specific problem with the specs living somewhere else > as well, I just don't think moving a lengthy document full of edge cases > from one location to another is going to make things better If I may, I don't think that really captures Nick's idea. I think it's about clearly distinguishing the following: 1) Current Specs (for metadata, versioning, pypi etc..) 2) Proposals to adjust or add to the Current Specs We don't have a clear distinction right now. We just have a series of PEPs, and it's work to figure out where the actual current spec is at, in the noise of rationales and transition plans etc... - So, for #1, maintain documents in PyPUG - For #2, keep using PEPs - As PEPs are accepted, update the Spec docs (the version history can mention what PEP drove the change) And separate from all of this I think is your idea that regular Usage docs should be modified as well, as PEPs are accepted, which I think is great. Marcus On Fri, Sep 4, 2015 at 8:06 PM, Donald Stufft wrote: > On September 4, 2015 at 10:56:38 PM, Nick Coghlan (ncoghlan at gmail.com) > wrote: > > On 5 September 2015 at 12:14, Donald Stufft wrote: > > > On September 4, 2015 at 10:12:08 PM, Nick Coghlan (ncoghlan at gmail.com) > wrote: > > >> It's only the interoperability specs where we currently follow the RFC > > >> model of having the same document describe both the end result *and* > > >> the rationale for changes from the previous version, and I mostly find > > >> it to be a pain. > > >> > > > > > > I'm not sure that I follow what you?re saying here, can you describe > what your > > > ideal situation would look like? > > > > 1. We add a new section to packaging.python.org for "Specifications". > > The specification sections of approved PEPs (compatibility tags, wheel > > format, version specifiers, dist-info directories) get added there. > > API specifications for index servers may also be added there. > > > > 2. Interoperability PEPs become proposals for new packaging.python.org > > specifications or changes to existing specifications, rather than > > specifications in their own right. > > > > 3. Each specification has a "version history" section at the bottom, > > which links to the PEPs that drove each update. > > > > This way, the PEPs can focus on transition plans, backwards > > compatibility constraints, and the rationale for particular changes, > > etc, but folks wanting "just the current spec, thanks" can look at the > > latest version on packaging.python.org without worrying about the > > history. > > > > It also means that the specs themselves (whether additions or updates) > > can be prepared as packaging.python.org PRs. > > > > Personally I don't have much of a problem with the specs living as PEPs, I > think a bigger problem is that we're producing specs that have end user > impact > without anything designed for end users to go along with them. PEP 440 is a > wonderful example of this, the spec of PEP 440 goes into lots of edge > cases and > describes the reasons why particular decisions were made and all of that > jazz. > I think all of that data is useful when you're implementing PEP 440 > because it > helps inform how someone interprets the spec in situations where it may be > ambiguous. > > What I don't think is useful is having no answer to someone who asks > "What's > a valid version for a Python package" except "here go read this massive > document which covers tons of edge cases which you don't really need to > care > about unless you're pip/PyPI/setuptools etc". > > I guess for me then, the ideal situation would be to keep using PEPs for > the > actual specification/RFC like documentation, but when that has end user > impact > then a requirement is that it comes with a PR to packaging.python.org that > gives us end user documentation for the spec, before the spec can be > accepted > (or finalized or whatever the right terminology is). I mean, I don't have a > specific problem with the specs living somewhere else as well, I just don't > think moving a lengthy document full of edge cases from one location to > another > is going to make things better unless we start producing end user focused > documentation, and in many cases it may make it worse since understanding a > spec fully often requires understanding why certain decisions were made. > > ----------------- > Donald Stufft > PGP: 0x6E3CBCE93372DCFA // 7C6B 7C5D 5E2B 6356 A926 F04F 6E3C BCE9 3372 > DCFA > > > _______________________________________________ > Distutils-SIG maillist - Distutils-SIG at python.org > https://mail.python.org/mailman/listinfo/distutils-sig > -------------- next part -------------- An HTML attachment was scrubbed... URL: From ncoghlan at gmail.com Sat Sep 5 08:43:58 2015 From: ncoghlan at gmail.com (Nick Coghlan) Date: Sat, 5 Sep 2015 16:43:58 +1000 Subject: [Distutils] Working toward Linux wheel support In-Reply-To: References: Message-ID: On 5 September 2015 at 14:24, Marcus Smith wrote: >> I don't have a specific problem with the specs living somewhere else >> as well, I just don't think moving a lengthy document full of edge cases >> from one location to another is going to make things better > > If I may, I don't think that really captures Nick's idea. Right, having more user friendly introductions on packaging.python.org is a good idea, but it's a separate question. To address that specific problem, we can paraphrase the semantic versioning compatibility section from PEP 440: https://www.python.org/dev/peps/pep-0440/#semantic-versioning I filed a PR along those lines, inserting it as a new subsection under "Configuring your project" > I think it's about clearly distinguishing the following: > > 1) Current Specs (for metadata, versioning, pypi etc..) > 2) Proposals to adjust or add to the Current Specs > > We don't have a clear distinction right now. We just have a series of > PEPs, and it's work to figure out where the actual current spec is at, in > the noise of rationales and transition plans etc... > > - So, for #1, maintain documents in PyPUG > - For #2, keep using PEPs > - As PEPs are accepted, update the Spec docs (the version history can > mention what PEP drove the change) Right. Another potential benefit of this approach is that it means we can more easily cross-link from the implementor facing specifications to end user facing parts of the user guide - at the moment, there's no standard discoverability path from PEPs like PEP 440 to packaging.python.org at all. Cheers, Nick. -- Nick Coghlan | ncoghlan at gmail.com | Brisbane, Australia From ncoghlan at gmail.com Sat Sep 5 08:44:39 2015 From: ncoghlan at gmail.com (Nick Coghlan) Date: Sat, 5 Sep 2015 16:44:39 +1000 Subject: [Distutils] Working toward Linux wheel support In-Reply-To: References: Message-ID: On 5 September 2015 at 16:43, Nick Coghlan wrote: > On 5 September 2015 at 14:24, Marcus Smith wrote: >>> I don't have a specific problem with the specs living somewhere else >>> as well, I just don't think moving a lengthy document full of edge cases >>> from one location to another is going to make things better >> >> If I may, I don't think that really captures Nick's idea. > > Right, having more user friendly introductions on packaging.python.org > is a good idea, but it's a separate question. To address that specific > problem, we can paraphrase the semantic versioning compatibility > section from PEP 440: > https://www.python.org/dev/peps/pep-0440/#semantic-versioning > > I filed a PR along those lines, inserting it as a new subsection under > "Configuring your project" And the link for that: https://github.com/pypa/python-packaging-user-guide/pull/163 Cheers, Nick. -- Nick Coghlan | ncoghlan at gmail.com | Brisbane, Australia From njs at pobox.com Sat Sep 5 08:46:13 2015 From: njs at pobox.com (Nathaniel Smith) Date: Fri, 4 Sep 2015 23:46:13 -0700 Subject: [Distutils] Working toward Linux wheel support In-Reply-To: References: Message-ID: On Fri, Sep 4, 2015 at 9:24 PM, Marcus Smith wrote: >> I don't have a specific problem with the specs living somewhere else >> as well, I just don't think moving a lengthy document full of edge cases >> from one location to another is going to make things better > > If I may, I don't think that really captures Nick's idea. > > I think it's about clearly distinguishing the following: > > 1) Current Specs (for metadata, versioning, pypi etc..) > 2) Proposals to adjust or add to the Current Specs > > We don't have a clear distinction right now. We just have a series of > PEPs, and it's work to figure out where the actual current spec is at, in > the noise of rationales and transition plans etc... Speaking as someone who has been pretty confused in the past trying to look up what the actual current rules are for something like version numbers or metadata (is this the current PEP? oh wait this one's newer -- oh but wait is the newer one still in development? or maybe abandoned?, etc.): +1 -- Nathaniel J. Smith -- http://vorpus.org From ncoghlan at gmail.com Sat Sep 5 10:35:52 2015 From: ncoghlan at gmail.com (Nick Coghlan) Date: Sat, 5 Sep 2015 18:35:52 +1000 Subject: [Distutils] Working toward Linux wheel support In-Reply-To: References: Message-ID: On 5 September 2015 at 16:46, Nathaniel Smith wrote: > On Fri, Sep 4, 2015 at 9:24 PM, Marcus Smith wrote: >>> I don't have a specific problem with the specs living somewhere else >>> as well, I just don't think moving a lengthy document full of edge cases >>> from one location to another is going to make things better >> >> If I may, I don't think that really captures Nick's idea. >> >> I think it's about clearly distinguishing the following: >> >> 1) Current Specs (for metadata, versioning, pypi etc..) >> 2) Proposals to adjust or add to the Current Specs >> >> We don't have a clear distinction right now. We just have a series of >> PEPs, and it's work to figure out where the actual current spec is at, in >> the noise of rationales and transition plans etc... > > Speaking as someone who has been pretty confused in the past trying to > look up what the actual current rules are for something like version > numbers or metadata (is this the current PEP? oh wait this one's newer > -- oh but wait is the newer one still in development? or maybe > abandoned?, etc.): +1 We also have specs like Tarek's database of installed distributions (https://www.python.org/dev/peps/pep-0376/), where we kept the "dist-info" parts, but not any of the API proposals. *Existing* formats (like sdist) could also be specified there without requiring a new PEP (modulo people's time to do the work, but at least having a place for such specs to *go* would be a good first step). Cheers, Nick. -- Nick Coghlan | ncoghlan at gmail.com | Brisbane, Australia From marius at gedmin.as Sat Sep 5 10:44:33 2015 From: marius at gedmin.as (Marius Gedminas) Date: Sat, 5 Sep 2015 11:44:33 +0300 Subject: [Distutils] PEP 503 - Simple Repository API In-Reply-To: References: Message-ID: <20150905084433.GA20460@platonas> On Fri, Sep 04, 2015 at 09:17:18PM -0400, Donald Stufft wrote: > You can see this PEP online at https://www.python.org/dev/peps/pep-0503/ or I > have reproduced it inline below. > ... > Below the root URL is another URL for each individual project contained within > a repository. The format of this URL is ``//`` where the ```` > is replaced by the normalized name for that project, so a project named > "HolyGrail" would have an URL like ``/holygrail/``. This URL must response with Typo: "must response" -> "must respond" > a valid HTML5 page with a single anchor element per file for the project. The > text of the anchor tag **MUST** be the filename of the file and the href > attribute **MUST** be an URL that links to the location of the file for > download. The URL **SHOULD** include a hash in the form of an URL fragment with > the following syntax: ``#=``, where ```` is the > lowercase name of the hash function (such as ``sha256``) and ```` is > the hex encoded digest. > > In addition to the above, the following constraints are placed on the API: > > * All URLs **MUST** end with a ``/`` and the repository **SHOULD** redirect the > ? URLs without a ``/`` to add a ``/`` to the end. (except for URLs pointing to downloadable files, I presume?) > * There is no constraints on where the files must be hosted relative to the > ? repository. > Normalized Names > ---------------- > > This PEP references the concept of a "normalized" project name. As per PEP 426 > the only valid characters in a name are the ASCII alphabet, ASCII numbers, > ``.``, ``-``, and ``_``. For a second I thought this referred to a normalized name and got confused ("I thought _ and - were interchangeable?"). Maybe it's worth clarifying with s/in a name/in a ("unnormalized") name/. Or maybe not -- the rest of the paragraph clears away the confusion quickly enough. > The name should be lowercased with all runs of the > characters ``.``, ``-``, or ``_`` replaced with a single ``-`` character. This > can be implemented in Python with the ``re`` module:: > > ? ?import re > > ? ?def normalize(name): > ? ? ? ?return re.sub(r"[-_.]+", "-", name).lower() Oh, excellent! Having this documented briefly and clearly is most welcome! Marius Gedminas -- yeah, i'm reading the answers, currently but what I see is that there is no real procedure to rebuild initfs the common way seems to use a loop device with a jffs2 filesystem, put original files there, and add other files, then umount, flash and pray Corsac: You forgot "ritual sacrifice of a medium sized rodent". Without that, it'll never work. And if it doesn't work the first time, re-adjust towel ordering in the restroom and try again -- #maemo -------------- next part -------------- A non-text attachment was scrubbed... Name: signature.asc Type: application/pgp-signature Size: 173 bytes Desc: Digital signature URL: From mal at egenix.com Sat Sep 5 11:43:37 2015 From: mal at egenix.com (M.-A. Lemburg) Date: Sat, 05 Sep 2015 11:43:37 +0200 Subject: [Distutils] PEP 503 - Simple Repository API In-Reply-To: References: Message-ID: <55EAB949.6030603@egenix.com> On 05.09.2015 03:17, Donald Stufft wrote: > You can see this PEP online at https://www.python.org/dev/peps/pep-0503/ or I > have reproduced it inline below. Thanks for writing this up, Donald. Some comments below... > ----------------------------------------------- > > Abstract > ======== > > There are many implementations of a Python package repository and many tools > that consume them. Of these, the cannonical implementation that defines what s/cannonical/canonical/ > the "simple" repository API looks like is the implementation that powers > PyPI. This document will specify that API, documenting what the correct > behavior for any implementation of the simple repository API. > > Specification > ============= > > A repository that implements the simple API is defined by its base url, this is > the top level URL that all additional URLS are below. The API is named the > "simple" repository due to fact that PyPI's base URL is > ``https://pypi.python.org/simple/``. > > .. note:: All subsequent URLs in this document will be relative to this base > URL (so given PyPI's URL, an URL of ``/foo/`` would be > ``https://pypi.python.org/simple/foo/``). > > > Within a repository, the root URL (``/``) **MUST** be a valid HTML5 page with a > single anchor element per project in the repository. The text of the anchor tag > **MUST** be the normalized name of the project and the href attribute **MUST** > link to the URL for that particular project. As an example:: > > > > > frob > spamspamspam > > > > Below the root URL is another URL for each individual project contained within > a repository. The format of this URL is ``//`` where the ```` > is replaced by the normalized name for that project, so a project named > "HolyGrail" would have an URL like ``/holygrail/``. Hmm, if the installer will build the URL itself, why is there even a need for a top-level index page ? I mean for the occasional human reading the page it will certainly make sense to have such a page, but for the API this doesn't appear to be essentially needed. Or is the idea to have the package manager scan the index for package hosted on that index prior to asking for the package it would like to install ? > This URL must response with > a valid HTML5 page with a single anchor element per file for the project. The > text of the anchor tag **MUST** be the filename of the file and the href > attribute **MUST** be an URL that links to the location of the file for > download. The URL **SHOULD** include a hash in the form of an URL fragment with > the following syntax: ``#=``, where ```` is the > lowercase name of the hash function (such as ``sha256``) and ```` is > the hex encoded digest. > > In addition to the above, the following constraints are placed on the API: > > * All URLs **MUST** end with a ``/`` and the repository **SHOULD** redirect the > URLs without a ``/`` to add a ``/`` to the end. I think you only meant this for URLs that point to index pages, since doing this for filenames would not be such a good idea (confuses the MIME content type logic). For site navigation, pages will typically also include relative links such as "..". The spec should not disallow these. > * There is no constraints on where the files must be hosted relative to the > repository. > > * There may be any other HTML elements on the API pages as long as the required > anchor elements exist. Would it help the package manager to more easily detect the links that point to distribution files instead of e.g. documentation or other resources ? setuptools uses rel="download" for this: https://pythonhosted.org/setuptools/easy_install.html#package-index-api The downside here is that a simple web server directory listing would no longer be compatible with the spec, so perhaps just make this optional to optimize the link scanning: * Project pages SHOULD add a rel="homepage" attribute to link elements of distribution file. The same could then be done for index page links to project pages: * Index pages SHOULD add a rel="download" attribute to link elements of distribution file. The rel attributes used here are the ones that setuptools requires, in order to be able to build indexes which are compatible to setuptools as well. > * Repositories **MAY** redirect unnormalized URLs to the cannonical normalized > URL (e.g. ``/Foobar/`` may redirect to ``/foobar/``), however clients > **MUST NOT** rely on this redirection and **MUST** request the normalized > URL. > > * Repositories **SHOULD** choose a hash function from one of the ones > guarenteed to be available via the ``hashlib`` module in the Python standard s/guarenteed/guaranteed/ > library (currently ``md5``, ``sha1``, ``sha224``, ``sha256``, ``sha384``, > ``sha512``). The current recommendation is to use ``sha256``. Could we perhaps also add optional features like: * Distribution link elements MAY include a data-gpg-sig="" attribute to provide a GPG signature of the linked file This could later be extended to more meta data, such as platform tags, distribution file types, license info, mirror locations, documentation, help strings, etc. > Normalized Names > ---------------- > > This PEP references the concept of a "normalized" project name. As per PEP 426 > the only valid characters in a name are the ASCII alphabet, ASCII numbers, > ``.``, ``-``, and ``_``. The name should be lowercased with all runs of the > characters ``.``, ``-``, or ``_`` replaced with a single ``-`` character. This > can be implemented in Python with the ``re`` module:: > > import re > > def normalize(name): > return re.sub(r"[-_.]+", "-", name).lower() -- Marc-Andre Lemburg eGenix.com Professional Python Services directly from the Source (#1, Sep 05 2015) >>> Python Projects, Coaching and Consulting ... http://www.egenix.com/ >>> mxODBC Plone/Zope Database Adapter ... http://zope.egenix.com/ >>> mxODBC, mxDateTime, mxTextTools ... http://python.egenix.com/ ________________________________________________________________________ 2015-08-27: Released eGenix mx Base 3.2.9 ... http://egenix.com/go83 2015-09-18: PyCon UK 2015 ... 13 days to go ::::: Try our mxODBC.Connect Python Database Interface for free ! :::::: eGenix.com Software, Skills and Services GmbH Pastor-Loeh-Str.48 D-40764 Langenfeld, Germany. CEO Dipl.-Math. Marc-Andre Lemburg Registered at Amtsgericht Duesseldorf: HRB 46611 http://www.egenix.com/company/contact/ From donald at stufft.io Sat Sep 5 18:12:03 2015 From: donald at stufft.io (Donald Stufft) Date: Sat, 5 Sep 2015 12:12:03 -0400 Subject: [Distutils] PEP 503 - Simple Repository API In-Reply-To: <55EAB949.6030603@egenix.com> References: <55EAB949.6030603@egenix.com> Message-ID: On September 5, 2015 at 5:43:58 AM, M.-A. Lemburg (mal at egenix.com) wrote: > > Hmm, if the installer will build the URL itself, why is there even > a need for a top-level index page ? > > I mean for the occasional human reading the page it will certainly > make sense to have such a page, but for the API this doesn't > appear to be essentially needed. > > Or is the idea to have the package manager scan the index for package > hosted on that index prior to asking for the package it would like > to install ? The latest versions of pip won't use it, setuptools and older versions of pip will use it though. The versions of pip/setuptools that would use it, use it as a fallback. They don't pre-normalize the name before requesting the URL so they just used whatever the user typed. This comes from when a project like "Django" was at /simple/Django/ on PyPI but if a user typed ``pip install django`` it would first fetch /simple/django/ and if that 404'd it would fall back onto /simple/ and look for these links. On PyPI this rarely happened because PyPI redirects /simple/anything-that-normalizes-to-the-name/ to the correct URL but it's useful for static repositories that don't have something to redirect it in front. I've tried to make it so that all of the SHOULD and MUST directives can be implement by a standard Nginx/Apache/whatever web server with static files while maintaining compatability with older installers. > > Would it help the package manager to more easily detect the links > that point to distribution files instead of e.g. documentation or > other resources ? > > setuptools uses rel="download" for this: > > https://pythonhosted.org/setuptools/easy_install.html#package-index-api? This is actually for the link spidering that PEP 470 removed, links marked with either rel="download" or rel="homepage" would be fetched (unless they looked installable) and searched for additional links before PEP 438/470 started to deprecate/remove them. Both setuptools and pip only need a simple page that has links that point to files on the, see for example the /simple/ page for requests: https://pypi.python.org/simple/requests/ > > Could we perhaps also add optional features like: > > * Distribution link elements MAY include a data-gpg-sig="" > attribute to provide a GPG signature of the linked file > > This could later be extended to more meta data, such as platform > tags, distribution file types, license info, mirror locations, > documentation, help strings, etc. I actually forgot to mention the GPG signatures, currently the assumption is that if a GPG signature exists it will live at the same location as the file with a .asc on the end, so if the file is /packages/Django-1.0.tar.gz then the GPG signature will be located at /packages/Django-1.0.tar.gz.asc. I'll add this to the PEP. I don't want to add more features to the API, particularly not in this PEP. My longer term plan is to work on a a new API for installers to use which will be easier to work with. The current API is great for it's simplicity and the fact it can be implemented on the server side with nothing more than a directory structure full of files and python -m http.server. The plan in my head is to add a new repository API which can handle the more complex cases AND which will most likely be JSON based to simplify parsing of it. The simple API would not be deprecated, it would just be up to the repository which "version" of the API they use. For people hosting their own repositories, if they have a simple case they will be able to get away with the simple API, but the more complex API would offer benefits like being able to access the metadata information without downloading the file. ----------------- Donald Stufft PGP: 0x6E3CBCE93372DCFA // 7C6B 7C5D 5E2B 6356 A926 F04F 6E3C BCE9 3372 DCFA From donald at stufft.io Sat Sep 5 18:15:29 2015 From: donald at stufft.io (Donald Stufft) Date: Sat, 5 Sep 2015 12:15:29 -0400 Subject: [Distutils] PEP 503 - Simple Repository API In-Reply-To: References: <55EAB949.6030603@egenix.com> Message-ID: I've updated the PEP with the typo corrections, clarifications, and the missing GPG signature support that Marc-Andre and Marius pointed out. It should be live on the PEP site soon, but the diff can be viewed online at https://hg.python.org/peps/rev/a314911efa10 ----------------- Donald Stufft PGP: 0x6E3CBCE93372DCFA // 7C6B 7C5D 5E2B 6356 A926 F04F 6E3C BCE9 3372 DCFA From donald at stufft.io Sat Sep 5 22:32:13 2015 From: donald at stufft.io (Donald Stufft) Date: Sat, 5 Sep 2015 16:32:13 -0400 Subject: [Distutils] BDFL Delegates for distutils-sig PEPs In-Reply-To: References: Message-ID: If it?s more useful we could also just use an RFC repository like Rust does instead of doing a mishmash between having Python using PEPs and packaging using PEPs. On September 4, 2015 at 11:42:21 PM, Nick Coghlan (ncoghlan at gmail.com) wrote: > We've got to a point where the original standing delegations to myself > and Richard Jones to act as BDFL-Delegates for metadata > interoperability and pypi.python.org related aren't scaling > adequately, so given Paul's recent delegation for PEP 470, and Donald > handling PEP 503 directly, it seems like an opportune time to put > something in writing about that. > > For PyPA/distutils-sig specific PEPs, we've effectively adopted the > following approach to assigning BDFL-Delegates in resolving PEPs 470 > and 503: > > ================================= > Whenever a new PEP is put forward on distutils-sig, any PyPA core > reviewer that believes they are suitably experienced to make the final > decision on that PEP may offer to serve as the BDFL's delegate (or > "PEP czar") for that PEP. If their self-nomination is accepted by the > other PyPA core reviewer, the lead PyPI maintainer and the lead > CPython representative on distutils-sig, then they will have the > authority to approve (or reject) that PEP. > ================================= > > And translating the nominated roles to the folks currently filling > them: "lead PyPI maintainer" = Donald Stufft; "lead CPython > representative on distutils-sig" = me. > > "PyPA core reviewer" isn't a term we've previously used, but I'm > aiming to capture "has approval rights for pull requests to one or > more of the PyPA maintained source code or documentation repos". > > Some further details for the benefit of folks not aware of the relevant history: > > * a couple of years ago, we amended PEP 1 to give the "Discussions-To" > header some additional force for PEPs which don't directly affect > CPython: """PEP review and resolution may also occur on a list other > than python-dev (for example, distutils-sig for packaging related PEPs > that don't immediately affect the standard library). In this case, the > "Discussions-To" heading in the PEP will identify the appropriate > alternative list where discussion, review and pronouncement on the PEP > will occur.""" > > * we *didn't* update the section about assignment of BDFL-Delegates. > Instead, I received a general delegation for packaging metadata > interoperability PEPs, and Richard Jones received one for > pypi.python.org related PEPs > > * Richard subsequently passed the latter delegation on to Donald, > since Donald had taken over as the lead maintainer for PyPI > > The section in PEP 1 for CPython BDFL-Delegates reads as follows: > ================================= > However, whenever a new PEP is put forward, any core developer that > believes they are suitably experienced to make the final decision on > that PEP may offer to serve as the BDFL's delegate (or "PEP czar") for > that PEP. If their self-nomination is accepted by the other core > developers and the BDFL, then they will have the authority to approve > (or reject) that PEP. > ================================= > > This process can be appropriately described as "volunteering to be > blamed" - if a PEP from a less experienced contributor subsequently > proves to be a mistake, that's on the BDFL-Delegate for saying "Yes", > not on the PEP author for proposing it. Mostly though, it's so there's > someone to have the final say on the fiddly little details that go > into getting from a general concept to an actual implementation, > without getting mired down in design-by-committee on every incidental > detail. > > As PEP authors, we'll also often ask someone else specifically to > volunteer as BDFL-Delegate, because we trust their judgement in > relation to the topic at hand (e.g. I asked Martin von L?wis to be > BDFL-Delegate for the original ensurepip PEP because I knew he was > skeptical of the idea, so a design that passed muster with him was > likely to have suitably addressed the ongoing maintainability > concerns. Guido did something similar when he asked Mark Shannon to be > BDFL-Delegate for PEP 484's gradual typing). > > Regards, > Nick. > > P.S. It's becoming clear to me that I should probably write a > companion PEP to PEP 1 that specifically describes distutils-sig's > usage of the PEP process (and how that differs from the normal CPython > processes), but hopefully this post provides sufficient clarification > for now. > > -- > Nick Coghlan | ncoghlan at gmail.com | Brisbane, Australia > _______________________________________________ > Distutils-SIG maillist - Distutils-SIG at python.org > https://mail.python.org/mailman/listinfo/distutils-sig > ----------------- Donald Stufft PGP: 0x6E3CBCE93372DCFA // 7C6B 7C5D 5E2B 6356 A926 F04F 6E3C BCE9 3372 DCFA From qwcode at gmail.com Sun Sep 6 00:31:05 2015 From: qwcode at gmail.com (Marcus Smith) Date: Sat, 5 Sep 2015 15:31:05 -0700 Subject: [Distutils] BDFL Delegates for distutils-sig PEPs In-Reply-To: References: Message-ID: is this a response to other thread about how/where to store specs and PEPs? If not, what in this email are you responding to? On Sat, Sep 5, 2015 at 1:32 PM, Donald Stufft wrote: > If it?s more useful we could also just use an RFC repository like Rust > does instead of doing a mishmash between having Python using PEPs and > packaging using PEPs. > > On September 4, 2015 at 11:42:21 PM, Nick Coghlan (ncoghlan at gmail.com) > wrote: > > We've got to a point where the original standing delegations to myself > > and Richard Jones to act as BDFL-Delegates for metadata > > interoperability and pypi.python.org related aren't scaling > > adequately, so given Paul's recent delegation for PEP 470, and Donald > > handling PEP 503 directly, it seems like an opportune time to put > > something in writing about that. > > > > For PyPA/distutils-sig specific PEPs, we've effectively adopted the > > following approach to assigning BDFL-Delegates in resolving PEPs 470 > > and 503: > > > > ================================= > > Whenever a new PEP is put forward on distutils-sig, any PyPA core > > reviewer that believes they are suitably experienced to make the final > > decision on that PEP may offer to serve as the BDFL's delegate (or > > "PEP czar") for that PEP. If their self-nomination is accepted by the > > other PyPA core reviewer, the lead PyPI maintainer and the lead > > CPython representative on distutils-sig, then they will have the > > authority to approve (or reject) that PEP. > > ================================= > > > > And translating the nominated roles to the folks currently filling > > them: "lead PyPI maintainer" = Donald Stufft; "lead CPython > > representative on distutils-sig" = me. > > > > "PyPA core reviewer" isn't a term we've previously used, but I'm > > aiming to capture "has approval rights for pull requests to one or > > more of the PyPA maintained source code or documentation repos". > > > > Some further details for the benefit of folks not aware of the relevant > history: > > > > * a couple of years ago, we amended PEP 1 to give the "Discussions-To" > > header some additional force for PEPs which don't directly affect > > CPython: """PEP review and resolution may also occur on a list other > > than python-dev (for example, distutils-sig for packaging related PEPs > > that don't immediately affect the standard library). In this case, the > > "Discussions-To" heading in the PEP will identify the appropriate > > alternative list where discussion, review and pronouncement on the PEP > > will occur.""" > > > > * we *didn't* update the section about assignment of BDFL-Delegates. > > Instead, I received a general delegation for packaging metadata > > interoperability PEPs, and Richard Jones received one for > > pypi.python.org related PEPs > > > > * Richard subsequently passed the latter delegation on to Donald, > > since Donald had taken over as the lead maintainer for PyPI > > > > The section in PEP 1 for CPython BDFL-Delegates reads as follows: > > ================================= > > However, whenever a new PEP is put forward, any core developer that > > believes they are suitably experienced to make the final decision on > > that PEP may offer to serve as the BDFL's delegate (or "PEP czar") for > > that PEP. If their self-nomination is accepted by the other core > > developers and the BDFL, then they will have the authority to approve > > (or reject) that PEP. > > ================================= > > > > This process can be appropriately described as "volunteering to be > > blamed" - if a PEP from a less experienced contributor subsequently > > proves to be a mistake, that's on the BDFL-Delegate for saying "Yes", > > not on the PEP author for proposing it. Mostly though, it's so there's > > someone to have the final say on the fiddly little details that go > > into getting from a general concept to an actual implementation, > > without getting mired down in design-by-committee on every incidental > > detail. > > > > As PEP authors, we'll also often ask someone else specifically to > > volunteer as BDFL-Delegate, because we trust their judgement in > > relation to the topic at hand (e.g. I asked Martin von L?wis to be > > BDFL-Delegate for the original ensurepip PEP because I knew he was > > skeptical of the idea, so a design that passed muster with him was > > likely to have suitably addressed the ongoing maintainability > > concerns. Guido did something similar when he asked Mark Shannon to be > > BDFL-Delegate for PEP 484's gradual typing). > > > > Regards, > > Nick. > > > > P.S. It's becoming clear to me that I should probably write a > > companion PEP to PEP 1 that specifically describes distutils-sig's > > usage of the PEP process (and how that differs from the normal CPython > > processes), but hopefully this post provides sufficient clarification > > for now. > > > > -- > > Nick Coghlan | ncoghlan at gmail.com | Brisbane, Australia > > _______________________________________________ > > Distutils-SIG maillist - Distutils-SIG at python.org > > https://mail.python.org/mailman/listinfo/distutils-sig > > > > ----------------- > Donald Stufft > PGP: 0x6E3CBCE93372DCFA // 7C6B 7C5D 5E2B 6356 A926 F04F 6E3C BCE9 3372 > DCFA > > > _______________________________________________ > Distutils-SIG maillist - Distutils-SIG at python.org > https://mail.python.org/mailman/listinfo/distutils-sig > -------------- next part -------------- An HTML attachment was scrubbed... URL: From ncoghlan at gmail.com Sun Sep 6 01:12:53 2015 From: ncoghlan at gmail.com (Nick Coghlan) Date: Sun, 6 Sep 2015 09:12:53 +1000 Subject: [Distutils] BDFL Delegates for distutils-sig PEPs In-Reply-To: References: Message-ID: On 6 Sep 2015 08:31, "Marcus Smith" wrote: > > is this a response to other thread about how/where to store specs and PEPs? > If not, what in this email are you responding to? I believe Donald was suggesting we could just have a PyPA specific change proposal process hosted on packaging.python.org, rather than using a variant of the PEP process. I don't want to do that though - PyPA/distutils-sig's authority *is* delegated from python-dev through the BDFL-Delegate and Discussions-To headers in the regular PEP process, and there are going to be some proposals affecting ensurepip and distutils that still fall under python-dev rather than distutils-sig. Dealing with the PEP repo is currently more painful than it needs to be, but that's what the forge.python.org proposals aim to address. Cheers, Nick. > > On Sat, Sep 5, 2015 at 1:32 PM, Donald Stufft wrote: >> >> If it?s more useful we could also just use an RFC repository like Rust does instead of doing a mishmash between having Python using PEPs and packaging using PEPs. >> >> On September 4, 2015 at 11:42:21 PM, Nick Coghlan (ncoghlan at gmail.com) wrote: >> > We've got to a point where the original standing delegations to myself >> > and Richard Jones to act as BDFL-Delegates for metadata >> > interoperability and pypi.python.org related aren't scaling >> > adequately, so given Paul's recent delegation for PEP 470, and Donald >> > handling PEP 503 directly, it seems like an opportune time to put >> > something in writing about that. >> > >> > For PyPA/distutils-sig specific PEPs, we've effectively adopted the >> > following approach to assigning BDFL-Delegates in resolving PEPs 470 >> > and 503: >> > >> > ================================= >> > Whenever a new PEP is put forward on distutils-sig, any PyPA core >> > reviewer that believes they are suitably experienced to make the final >> > decision on that PEP may offer to serve as the BDFL's delegate (or >> > "PEP czar") for that PEP. If their self-nomination is accepted by the >> > other PyPA core reviewer, the lead PyPI maintainer and the lead >> > CPython representative on distutils-sig, then they will have the >> > authority to approve (or reject) that PEP. >> > ================================= >> > >> > And translating the nominated roles to the folks currently filling >> > them: "lead PyPI maintainer" = Donald Stufft; "lead CPython >> > representative on distutils-sig" = me. >> > >> > "PyPA core reviewer" isn't a term we've previously used, but I'm >> > aiming to capture "has approval rights for pull requests to one or >> > more of the PyPA maintained source code or documentation repos". >> > >> > Some further details for the benefit of folks not aware of the relevant history: >> > >> > * a couple of years ago, we amended PEP 1 to give the "Discussions-To" >> > header some additional force for PEPs which don't directly affect >> > CPython: """PEP review and resolution may also occur on a list other >> > than python-dev (for example, distutils-sig for packaging related PEPs >> > that don't immediately affect the standard library). In this case, the >> > "Discussions-To" heading in the PEP will identify the appropriate >> > alternative list where discussion, review and pronouncement on the PEP >> > will occur.""" >> > >> > * we *didn't* update the section about assignment of BDFL-Delegates. >> > Instead, I received a general delegation for packaging metadata >> > interoperability PEPs, and Richard Jones received one for >> > pypi.python.org related PEPs >> > >> > * Richard subsequently passed the latter delegation on to Donald, >> > since Donald had taken over as the lead maintainer for PyPI >> > >> > The section in PEP 1 for CPython BDFL-Delegates reads as follows: >> > ================================= >> > However, whenever a new PEP is put forward, any core developer that >> > believes they are suitably experienced to make the final decision on >> > that PEP may offer to serve as the BDFL's delegate (or "PEP czar") for >> > that PEP. If their self-nomination is accepted by the other core >> > developers and the BDFL, then they will have the authority to approve >> > (or reject) that PEP. >> > ================================= >> > >> > This process can be appropriately described as "volunteering to be >> > blamed" - if a PEP from a less experienced contributor subsequently >> > proves to be a mistake, that's on the BDFL-Delegate for saying "Yes", >> > not on the PEP author for proposing it. Mostly though, it's so there's >> > someone to have the final say on the fiddly little details that go >> > into getting from a general concept to an actual implementation, >> > without getting mired down in design-by-committee on every incidental >> > detail. >> > >> > As PEP authors, we'll also often ask someone else specifically to >> > volunteer as BDFL-Delegate, because we trust their judgement in >> > relation to the topic at hand (e.g. I asked Martin von L?wis to be >> > BDFL-Delegate for the original ensurepip PEP because I knew he was >> > skeptical of the idea, so a design that passed muster with him was >> > likely to have suitably addressed the ongoing maintainability >> > concerns. Guido did something similar when he asked Mark Shannon to be >> > BDFL-Delegate for PEP 484's gradual typing). >> > >> > Regards, >> > Nick. >> > >> > P.S. It's becoming clear to me that I should probably write a >> > companion PEP to PEP 1 that specifically describes distutils-sig's >> > usage of the PEP process (and how that differs from the normal CPython >> > processes), but hopefully this post provides sufficient clarification >> > for now. >> > >> > -- >> > Nick Coghlan | ncoghlan at gmail.com | Brisbane, Australia >> > _______________________________________________ >> > Distutils-SIG maillist - Distutils-SIG at python.org >> > https://mail.python.org/mailman/listinfo/distutils-sig >> > >> >> ----------------- >> Donald Stufft >> PGP: 0x6E3CBCE93372DCFA // 7C6B 7C5D 5E2B 6356 A926 F04F 6E3C BCE9 3372 DCFA >> >> >> _______________________________________________ >> Distutils-SIG maillist - Distutils-SIG at python.org >> https://mail.python.org/mailman/listinfo/distutils-sig > > > > _______________________________________________ > Distutils-SIG maillist - Distutils-SIG at python.org > https://mail.python.org/mailman/listinfo/distutils-sig > -------------- next part -------------- An HTML attachment was scrubbed... URL: From donald at stufft.io Sun Sep 6 01:49:38 2015 From: donald at stufft.io (Donald Stufft) Date: Sat, 5 Sep 2015 19:49:38 -0400 Subject: [Distutils] BDFL Delegates for distutils-sig PEPs In-Reply-To: References: Message-ID: On September 5, 2015 at 7:13:18 PM, Nick Coghlan (ncoghlan at gmail.com) wrote: > On 6 Sep 2015 08:31, "Marcus Smith" wrote: > > > > is this a response to other thread about how/where to store specs and > PEPs? > > If not, what in this email are you responding to? > > I believe Donald was suggesting we could just have a PyPA specific change > proposal process hosted on packaging.python.org, rather than using a > variant of the PEP process. > > I don't want to do that though - PyPA/distutils-sig's authority *is* > delegated from python-dev through the BDFL-Delegate and Discussions-To > headers in the regular PEP process, and there are going to be some > proposals affecting ensurepip and distutils that still fall under > python-dev rather than distutils-sig. > > Dealing with the PEP repo is currently more painful than it needs to be, > but that's what the forge.python.org proposals aim to address. > I was yes, though I don't feel extremely strongly about it, but I do wonder if it wouldn't fit us better. I'll make my case here real quick, but unless others are interested in it I don't really feel strong enough to push for it. We're currently using the PEP process, but we've had to bend the PEP rules several times in order to fit us. It's obvious the PEP process is designed primarily to handle changes to Python itself, even the BDFL-Delegate rules currently state you have to be a Python core developer and that you need permission from Guido for it. On top of that, almost all of the things we touch don't really fall under python-dev's authority. PyPI, pip, setuptools, bandersnatch, devpi, etc are external projects and only really distutils and ensurepip need python-dev's stamp of approval. In a way, we're already part way to the RFC process that rust uses through the interoperability-peps repo on Github. The primary differences would be that we manually copy things over to the Python PEPs repository and we don't really follow the rules for BDFL-Delegates, we just invent our own rules and it's sort of OK because nobody really cares. It is kind of awkward to essentially have the "real" copy of the PEP live in Github and that's where all the work on it happens but then needing to manually copy things over. It makes it kind of annoying to work on things, especially since any typo change or the such requires additional work to keep the two copies in sync. On the other hand, if we focused on a process that worked for us, instead of trying to shoe horn things into the PEP process we could optimize it for how we function. This could also include direct integration with packaging.python.org or something similar if we wanted to go down that road. I don't know, I think we could have a better process if we did our own thing, so it's something to think about at least. ----------------- Donald Stufft PGP: 0x6E3CBCE93372DCFA // 7C6B 7C5D 5E2B 6356 A926 F04F 6E3C BCE9 3372 DCFA From qwcode at gmail.com Sun Sep 6 02:39:45 2015 From: qwcode at gmail.com (Marcus Smith) Date: Sat, 5 Sep 2015 17:39:45 -0700 Subject: [Distutils] BDFL Delegates for distutils-sig PEPs In-Reply-To: References: Message-ID: yea, I like the idea of our own authoritative Pypa project for proposals, and maybe have it hold the final "Specs" we're talking about as well (and just have PyPUG link to them or whatever). I *think* it would lower the bar for people considering getting involved with writing specs and enhancements. "Oh, it's just a github project, and you do PRs... I can do that... let me start writing now..." for ensurepip, yea, do PEPs, since it's in Python. On Sat, Sep 5, 2015 at 4:49 PM, Donald Stufft wrote: > On September 5, 2015 at 7:13:18 PM, Nick Coghlan (ncoghlan at gmail.com) > wrote: > > On 6 Sep 2015 08:31, "Marcus Smith" wrote: > > > > > > is this a response to other thread about how/where to store specs and > > PEPs? > > > If not, what in this email are you responding to? > > > > I believe Donald was suggesting we could just have a PyPA specific change > > proposal process hosted on packaging.python.org, rather than using a > > variant of the PEP process. > > > > I don't want to do that though - PyPA/distutils-sig's authority *is* > > delegated from python-dev through the BDFL-Delegate and Discussions-To > > headers in the regular PEP process, and there are going to be some > > proposals affecting ensurepip and distutils that still fall under > > python-dev rather than distutils-sig. > > > > Dealing with the PEP repo is currently more painful than it needs to be, > > but that's what the forge.python.org proposals aim to address. > > > > > I was yes, though I don't feel extremely strongly about it, but I do > wonder if > it wouldn't fit us better. I'll make my case here real quick, but unless > others > are interested in it I don't really feel strong enough to push for it. > > We're currently using the PEP process, but we've had to bend the PEP rules > several times in order to fit us. It's obvious the PEP process is designed > primarily to handle changes to Python itself, even the BDFL-Delegate rules > currently state you have to be a Python core developer and that you need > permission from Guido for it. On top of that, almost all of the things we > touch > don't really fall under python-dev's authority. PyPI, pip, setuptools, > bandersnatch, devpi, etc are external projects and only really distutils > and > ensurepip need python-dev's stamp of approval. In a way, we're already > part way > to the RFC process that rust uses through the interoperability-peps repo on > Github. The primary differences would be that we manually copy things over > to > the Python PEPs repository and we don't really follow the rules for > BDFL-Delegates, we just invent our own rules and it's sort of OK because > nobody > really cares. > > It is kind of awkward to essentially have the "real" copy of the PEP live > in > Github and that's where all the work on it happens but then needing to > manually > copy things over. It makes it kind of annoying to work on things, > especially > since any typo change or the such requires additional work to keep the two > copies in sync. > > On the other hand, if we focused on a process that worked for us, instead > of > trying to shoe horn things into the PEP process we could optimize it for > how > we function. This could also include direct integration with > packaging.python.org or something similar if we wanted to go down that > road. > > I don't know, I think we could have a better process if we did our own > thing, > so it's something to think about at least. > > ----------------- > Donald Stufft > PGP: 0x6E3CBCE93372DCFA // 7C6B 7C5D 5E2B 6356 A926 F04F 6E3C BCE9 3372 > DCFA > > > -------------- next part -------------- An HTML attachment was scrubbed... URL: From ncoghlan at gmail.com Sun Sep 6 07:47:45 2015 From: ncoghlan at gmail.com (Nick Coghlan) Date: Sun, 6 Sep 2015 15:47:45 +1000 Subject: [Distutils] BDFL Delegates for distutils-sig PEPs In-Reply-To: References: Message-ID: On 6 Sep 2015 10:39, "Marcus Smith" wrote: > > yea, I like the idea of our own authoritative Pypa project for proposals, and maybe have it hold the final "Specs" we're talking about as well (and just have PyPUG link to them or whatever). > > I *think* it would lower the bar for people considering getting involved with writing specs and enhancements. Brett Cannon set an October 31st deadline for the forge.python.org proofs-of-concept, so that aspect will be changing regardless (either to a PR-capable Kallithea, or GitHub+Phabricator) Cheers, Nick. -------------- next part -------------- An HTML attachment was scrubbed... URL: From qwcode at gmail.com Sun Sep 6 17:37:21 2015 From: qwcode at gmail.com (Marcus Smith) Date: Sun, 6 Sep 2015 08:37:21 -0700 Subject: [Distutils] ensurepip in linux distros In-Reply-To: References: Message-ID: > > > then bundles the system > version back up with rewheel for installation into Python virtual > environments. this "bundles the system version back up" step happens when? which fedora version did this start? -------------- next part -------------- An HTML attachment was scrubbed... URL: From qwcode at gmail.com Sun Sep 6 17:43:49 2015 From: qwcode at gmail.com (Marcus Smith) Date: Sun, 6 Sep 2015 08:43:49 -0700 Subject: [Distutils] BDFL Delegates for distutils-sig PEPs In-Reply-To: References: Message-ID: ok, so this is PEP 474.... where's the activity for the forge idea happening? python-dev list? On Sat, Sep 5, 2015 at 10:47 PM, Nick Coghlan wrote: > > On 6 Sep 2015 10:39, "Marcus Smith" wrote: > > > > yea, I like the idea of our own authoritative Pypa project for > proposals, and maybe have it hold the final "Specs" we're talking about as > well (and just have PyPUG link to them or whatever). > > > > I *think* it would lower the bar for people considering getting involved > with writing specs and enhancements. > > Brett Cannon set an October 31st deadline for the forge.python.org > proofs-of-concept, so that aspect will be changing regardless (either to a > PR-capable Kallithea, or GitHub+Phabricator) > > Cheers, > Nick. > -------------- next part -------------- An HTML attachment was scrubbed... URL: From qwcode at gmail.com Sun Sep 6 18:09:27 2015 From: qwcode at gmail.com (Marcus Smith) Date: Sun, 6 Sep 2015 09:09:27 -0700 Subject: [Distutils] Working toward Linux wheel support In-Reply-To: References: Message-ID: One thought that comes to mind is how to present specs that deal with formats and artifacts that persist for years. For example, down the road when there's Wheel 2.0, what's the "Current Specs" for wheel? I would describe 2.0 is the "Latest" spec, but "Current Specs" includes all versions we're attempting to support, so we'd want the "Current Specs" page to easily show all the versions, and not have to dig them out from version control or something, right? --Marcus On Sat, Sep 5, 2015 at 1:35 AM, Nick Coghlan wrote: > On 5 September 2015 at 16:46, Nathaniel Smith wrote: > > On Fri, Sep 4, 2015 at 9:24 PM, Marcus Smith wrote: > >>> I don't have a specific problem with the specs living somewhere else > >>> as well, I just don't think moving a lengthy document full of edge > cases > >>> from one location to another is going to make things better > >> > >> If I may, I don't think that really captures Nick's idea. > >> > >> I think it's about clearly distinguishing the following: > >> > >> 1) Current Specs (for metadata, versioning, pypi etc..) > >> 2) Proposals to adjust or add to the Current Specs > >> > >> We don't have a clear distinction right now. We just have a series of > >> PEPs, and it's work to figure out where the actual current spec is at, > in > >> the noise of rationales and transition plans etc... > > > > Speaking as someone who has been pretty confused in the past trying to > > look up what the actual current rules are for something like version > > numbers or metadata (is this the current PEP? oh wait this one's newer > > -- oh but wait is the newer one still in development? or maybe > > abandoned?, etc.): +1 > > We also have specs like Tarek's database of installed distributions > (https://www.python.org/dev/peps/pep-0376/), where we kept the > "dist-info" parts, but not any of the API proposals. > > *Existing* formats (like sdist) could also be specified there without > requiring a new PEP (modulo people's time to do the work, but at least > having a place for such specs to *go* would be a good first step). > > Cheers, > Nick. > > -- > Nick Coghlan | ncoghlan at gmail.com | Brisbane, Australia > -------------- next part -------------- An HTML attachment was scrubbed... URL: From ncoghlan at gmail.com Mon Sep 7 01:23:56 2015 From: ncoghlan at gmail.com (Nick Coghlan) Date: Mon, 7 Sep 2015 09:23:56 +1000 Subject: [Distutils] ensurepip in linux distros In-Reply-To: References: Message-ID: On 7 September 2015 at 01:37, Marcus Smith wrote: >> >> then bundles the system >> version back up with rewheel for installation into Python virtual >> environments. > > > this "bundles the system version back up" step happens when? When ensurepip.bootstrap() runs - Fedora's system Python is patched to do that rather than install from the embedded wheel files (technically it falls back to the latter code path, but we omit those from the Fedora system Python package and include a runtime dependency on python-pip and python-setuptools instead). > which fedora version did this start? I think it was F21 (Dec 2014), may have been F22 (May 2015). Cheers, Nick. -- Nick Coghlan | ncoghlan at gmail.com | Brisbane, Australia From ncoghlan at gmail.com Mon Sep 7 01:32:44 2015 From: ncoghlan at gmail.com (Nick Coghlan) Date: Mon, 7 Sep 2015 09:32:44 +1000 Subject: [Distutils] Working toward Linux wheel support In-Reply-To: References: Message-ID: On 7 September 2015 at 02:09, Marcus Smith wrote: > One thought that comes to mind is how to present specs that deal with > formats and artifacts that persist for years. > > For example, down the road when there's Wheel 2.0, what's the "Current > Specs" for wheel? > > I would describe 2.0 is the "Latest" spec, but "Current Specs" includes all > versions we're attempting to support, so we'd want the "Current Specs" page > to easily show all the versions, and not have to dig them out from version > control or something, right? Yes, but I think that's easy enough to handle by having a default URL that always goes to the latest version of the spec, and moving previous versions to URLs that include the version number. Cheers, Nick. -- Nick Coghlan | ncoghlan at gmail.com | Brisbane, Australia From ncoghlan at gmail.com Mon Sep 7 01:29:54 2015 From: ncoghlan at gmail.com (Nick Coghlan) Date: Mon, 7 Sep 2015 09:29:54 +1000 Subject: [Distutils] BDFL Delegates for distutils-sig PEPs In-Reply-To: References: Message-ID: On 7 September 2015 at 01:43, Marcus Smith wrote: > ok, so this is PEP 474.... > where's the activity for the forge idea happening? python-dev list? While the final discussions will need to move to python-dev, the preliminary discussions are taking place on the core-workflow mailing list: https://mail.python.org/mailman/listinfo/core-workflow My Kallithea based proposal is at https://www.python.org/dev/peps/pep-0474/ Donald's GitHub+Phabricator proposal is at https://www.python.org/dev/peps/pep-0481/ Brett has asked that the prototypes focus on the main CPython repo, even though we'd be moving the support repos first in any actual rollout: https://mail.python.org/pipermail/core-workflow/2015-August/000189.html Cheers, Nick. -- Nick Coghlan | ncoghlan at gmail.com | Brisbane, Australia From ben+python at benfinney.id.au Mon Sep 7 01:42:46 2015 From: ben+python at benfinney.id.au (Ben Finney) Date: Mon, 07 Sep 2015 09:42:46 +1000 Subject: [Distutils] Working toward Linux wheel support References: Message-ID: <8537yr9ksp.fsf@benfinney.id.au> Nick Coghlan writes: > On 7 September 2015 at 02:09, Marcus Smith wrote: > > For example, down the road when there's Wheel 2.0, what's the "Current > > Specs" for wheel? > > Yes, but I think that's easy enough to handle by having a default URL > that always goes to the latest version of the spec, and moving > previous versions to URLs that include the version number. Or consistently publish each spec version to a predictable URL with the version number, and have the default URL *redirect* to whatever is the current-versioned spec. That way, the URL works as people expect, *and* the resulting destination gives a URL that (when inevitably copy-and-pasted) will retain its meaning over time. -- \ Moriarty: ?Forty thousand million billion dollars? That money | `\ must be worth a fortune!? ?The Goon Show, _The Sale of | _o__) Manhattan_ | Ben Finney From ncoghlan at gmail.com Mon Sep 7 02:43:15 2015 From: ncoghlan at gmail.com (Nick Coghlan) Date: Mon, 7 Sep 2015 10:43:15 +1000 Subject: [Distutils] Working toward Linux wheel support In-Reply-To: <8537yr9ksp.fsf@benfinney.id.au> References: <8537yr9ksp.fsf@benfinney.id.au> Message-ID: On 7 September 2015 at 09:42, Ben Finney wrote: > Nick Coghlan writes: > >> On 7 September 2015 at 02:09, Marcus Smith wrote: >> > For example, down the road when there's Wheel 2.0, what's the "Current >> > Specs" for wheel? >> >> Yes, but I think that's easy enough to handle by having a default URL >> that always goes to the latest version of the spec, and moving >> previous versions to URLs that include the version number. > > > Or consistently publish each spec version to a predictable URL with the > version number, and have the default URL *redirect* to whatever is the > current-versioned spec. > > > That way, the URL works as people expect, *and* the resulting > destination gives a URL that (when inevitably copy-and-pasted) will > retain its meaning over time. Yes, ReadTheDocs does let us do that. However, there's actually a problem with it, and it's this: it perpetuates the myth that it is possible to publish viable packaging software without committing to ongoing maintenance of that software to track changes to distribution formats and user experience expectations. Software distribution *fundamentally* involves interacting with the outside world, and coping with evolving interoperability expectations. Users should be able to grab the latest version of a packaging tool and be confident that it supports the latest interoperability standards (modulo a rollout window of a few weeks or maybe a few months for tools designed for relatively slow moving environments). This is the problem we always hit with distutils, and the one we still regularly hit with the Linux distributions: their update and rollout cycles are too slow, so they can't keep up with user expectations. Thus, the mindset we want to cultivate amongst tool developers is "I commit to ensuring my project gains support for the latest versions of the Python packaging interoperability standards in a timely manner, as well as supporting legacy versions of those standards for backwards compatibility purposes", rather than "My project supports version 1.0 of the interoperability standards, and I might upgrade to 2.0 when that happens. If I feel like it, and I have time. Maybe". Regards, Nick. -- Nick Coghlan | ncoghlan at gmail.com | Brisbane, Australia From qwcode at gmail.com Mon Sep 7 06:11:46 2015 From: qwcode at gmail.com (Marcus Smith) Date: Sun, 6 Sep 2015 21:11:46 -0700 Subject: [Distutils] Working toward Linux wheel support In-Reply-To: References: <8537yr9ksp.fsf@benfinney.id.au> Message-ID: > That way, the URL works as people expect, *and* the resulting > > destination gives a URL that (when inevitably copy-and-pasted) will > > retain its meaning over time. > > Yes, ReadTheDocs does let us do that. well, it lets you do it for a whole project. we'd have to have a project per spec for it to work like that. we've been talking about all specs being in one project (PyPUG) I think it we'd either have to: 1) only render the latest version, and construct an index of links to the unrendered old versions in vcs history or 2) use a custom tailored tool to publish/render this like we want. or 3) use distinct documents for distinct versions as peers in the src tree. -Marcus -------------- next part -------------- An HTML attachment was scrubbed... URL: From ncoghlan at gmail.com Mon Sep 7 06:26:11 2015 From: ncoghlan at gmail.com (Nick Coghlan) Date: Mon, 7 Sep 2015 14:26:11 +1000 Subject: [Distutils] Working toward Linux wheel support In-Reply-To: References: <8537yr9ksp.fsf@benfinney.id.au> Message-ID: On 7 September 2015 at 14:11, Marcus Smith wrote: > > >> > That way, the URL works as people expect, *and* the resulting >> > destination gives a URL that (when inevitably copy-and-pasted) will >> > retain its meaning over time. >> >> Yes, ReadTheDocs does let us do that. > > > well, it lets you do it for a whole project. RTD also has page redirects now: https://read-the-docs.readthedocs.org/en/latest/user-defined-redirects.html#page-redirects (I thought the same thing you did, but found that when double checking) So we *could* redirect unqualified links to qualified ones if we wanted to. I just don't want to :) Cheers, Nick. -- Nick Coghlan | ncoghlan at gmail.com | Brisbane, Australia From reinout at vanrees.org Mon Sep 7 11:03:41 2015 From: reinout at vanrees.org (Reinout van Rees) Date: Mon, 7 Sep 2015 11:03:41 +0200 Subject: [Distutils] ez_setup.py and buildout bootstrap broken: 18.3.1 zip upload sorely needed Message-ID: Hi, See https://bitbucket.org/pypa/setuptools/issues/427/the-1831-release-misses-the-zip-version-so (and issue 428, 249 and 430 and https://github.com/buildout/buildout/issues/262). The 18.3.1 release only has a .tar.gz file on pypi and not the .zip version (.zip is hardcoded in ez_setup.py). => can someone upload the .zip version **quickly**? Reinout -- Reinout van Rees http://reinout.vanrees.org/ reinout at vanrees.org http://www.nelen-schuurmans.nl/ "Learning history by destroying artifacts is a time-honored atrocity" From reinout at vanrees.org Mon Sep 7 15:45:49 2015 From: reinout at vanrees.org (Reinout van Rees) Date: Mon, 7 Sep 2015 15:45:49 +0200 Subject: [Distutils] ez_setup.py and buildout bootstrap broken: 18.3.1 zip upload sorely needed In-Reply-To: References: Message-ID: Op 07-09-15 om 11:03 schreef Reinout van Rees: > > The 18.3.1 release only has a .tar.gz file on pypi and not the .zip > version (.zip is hardcoded in ez_setup.py). > > => can someone upload the .zip version **quickly**? Ok, the .zip is now there and the issue is fixed. But... how many people are able to upload such a release? Effectively buildout/ez_setup.py was out for most of a EU business day. "EU business day" corresponds nicely with night rests in USA-like timezones :-) No problem with mis-firing scripts or night rest of course. My question is if there are no others that could have fixed it? This has been a blocker for most of a (EU) working day and nobody reacted despite four issues (one marked as blocker), mailing to this mailinglist and even mentioning it via twitter. So if there are other people, I want to know how to reach them next time :-) Additionally, I assume the pypa/setuptools issue tracker is generally the #1 place to mention outages like this? Reinout -- Reinout van Rees http://reinout.vanrees.org/ reinout at vanrees.org http://www.nelen-schuurmans.nl/ "Learning history by destroying artifacts is a time-honored atrocity" From p.f.moore at gmail.com Mon Sep 7 16:43:05 2015 From: p.f.moore at gmail.com (Paul Moore) Date: Mon, 7 Sep 2015 15:43:05 +0100 Subject: [Distutils] PEP 503 - Simple Repository API In-Reply-To: References: <55EAB949.6030603@egenix.com> Message-ID: On 5 September 2015 at 17:15, Donald Stufft wrote: > I've updated the PEP with the typo corrections, clarifications, and the missing > GPG signature support that Marc-Andre and Marius pointed out. It should be live > on the PEP site soon, but the diff can be viewed online at > https://hg.python.org/peps/rev/a314911efa10 Looks good. Some background information might be worth adding (for instance, the explanation of why you need a top-level index page at all that you posted in response to MAL's question). Also for background, 2 questions that struck me: 1. If my project page contains extra links as well as the file links (for example, to documentation, possibly even downloadable archives of the documentation) how will installers (specifically pip) know what to do with those? While I appreciate the effort to keep the PEP installer-agnostic, giving a bit of "pip works like this" as background would help. For example, is a page with 3 downloadable files referenced and 100 links to other stuff, going to perform worse than a page with just the 3 download links? 2. Will installers (pip) download all the files, or will they only grab the requested release? How would they know? (Parsing the filename works for wheels, but isn't guaranteed to for sdists, and definitely won't for arbitrary extra links). In practice, I'd expect an index page to only contain bare links to valid sdist and wheel files, with the sdist filenames being standard names as generated by distutils. I wouldn't actually see any harm in mandating that, but as it stands the PEP doesn't do so. Maybe it's intended to? Should the paragraph "Below the root URL is another URL ... This URL must respond with a valid HTML5 page with a single anchor element per file for the project. ..." finish with a further restriction "The page MUST NOT contain any content other than the specified anchor elements"? Paul From donald at stufft.io Mon Sep 7 17:08:58 2015 From: donald at stufft.io (Donald Stufft) Date: Mon, 7 Sep 2015 11:08:58 -0400 Subject: [Distutils] ez_setup.py and buildout bootstrap broken: 18.3.1 zip upload sorely needed In-Reply-To: References: Message-ID: On September 7, 2015 at 9:47:32 AM, Reinout van Rees (reinout at vanrees.org) wrote: > > But... how many people are able to upload such a release? Effectively > buildout/ez_setup.py was out for most of a EU business day. "EU > business > day" corresponds nicely with night rests in USA-like timezones > :-) Package Index Owner: jaraco, pje Package Index Maintainer: Ivoz, jezdez, dstufft, jaraco, ianb Speaking for myself, I've never released setuptools so I wouldn't feel comfortable doing it, especially when there's a problem that I might end up making worse. ----------------- Donald Stufft PGP: 0x6E3CBCE93372DCFA // 7C6B 7C5D 5E2B 6356 A926 F04F 6E3C BCE9 3372 DCFA From qwcode at gmail.com Mon Sep 7 17:36:31 2015 From: qwcode at gmail.com (Marcus Smith) Date: Mon, 7 Sep 2015 08:36:31 -0700 Subject: [Distutils] Working toward Linux wheel support In-Reply-To: References: <8537yr9ksp.fsf@benfinney.id.au> Message-ID: I'm still unclear on whether you'd want A or B: A) Different major/minor versions of the spec are different documents B) Different versions of the spec are tags or branches of the same document If it's B, then you'd either: 1) only build the latest version, and construct an index of links to the unrendered old versions in vcs history 2) use a custom build/publishing worflow that pulls versions out of history so they can be built as peers in the published version On Sun, Sep 6, 2015 at 9:26 PM, Nick Coghlan wrote: > On 7 September 2015 at 14:11, Marcus Smith wrote: > > > > > >> > That way, the URL works as people expect, *and* the resulting > >> > destination gives a URL that (when inevitably copy-and-pasted) will > >> > retain its meaning over time. > >> > >> Yes, ReadTheDocs does let us do that. > > > > > > well, it lets you do it for a whole project. > > RTD also has page redirects now: > > https://read-the-docs.readthedocs.org/en/latest/user-defined-redirects.html#page-redirects > (I thought the same thing you did, but found that when double > checking) > > So we *could* redirect unqualified links to qualified ones if we > wanted to. I just don't want to :) > > Cheers, > Nick. > > -- > Nick Coghlan | ncoghlan at gmail.com | Brisbane, Australia > -------------- next part -------------- An HTML attachment was scrubbed... URL: From donald at stufft.io Mon Sep 7 18:02:41 2015 From: donald at stufft.io (Donald Stufft) Date: Mon, 7 Sep 2015 12:02:41 -0400 Subject: [Distutils] Working toward Linux wheel support In-Reply-To: References: Message-ID: On September 3, 2015 at 1:23:03 PM, Nate Coraor (nate at bx.psu.edu) wrote: > >>> > >>> I'll create PRs for this against wheel and pip shortly. I can also work > >>> on a PEP for the platform tag - I don't think it's going to need to be a > >>> big one. Are there any preferences as to whether this should be a new PEP > >>> or an update to 425? > >>> Coming back to this, I'm wondering if we should include the libc implementation/version in a less generic, but still generic linux wheel. Right now if you staticly link I think the only platform ABIs you need to worry about are libc and Python itself. Python itself is handled already but libc is not. The only thing I've seen so far is "build on an old enough version of glibc that it handles anything sane", but not all versions of Linux even use glibc at all. ----------------- Donald Stufft PGP: 0x6E3CBCE93372DCFA // 7C6B 7C5D 5E2B 6356 A926 F04F 6E3C BCE9 3372 DCFA From wes.turner at gmail.com Mon Sep 7 18:40:07 2015 From: wes.turner at gmail.com (Wes Turner) Date: Mon, 7 Sep 2015 11:40:07 -0500 Subject: [Distutils] Working toward Linux wheel support In-Reply-To: References: <8537yr9ksp.fsf@benfinney.id.au> Message-ID: MAJOR.MINOR.PATCH[-rev] would be helpful for these (and other) PEPs. On Sep 7, 2015 10:36 AM, "Marcus Smith" wrote: > > I'm still unclear on whether you'd want A or B: > > A) Different major/minor versions of the spec are different documents >From http://semver.org Semantic Versioning 2.0 : ``` Given a version number MAJOR.MINOR.PATCH, increment the: - MAJOR version when you make incompatible API changes, - MINOR version when you add functionality in a backwards-compatible manner, and - PATCH version when you make backwards-compatible bug fixes. Additional labels for pre-release and build metadata are available as extensions to the MAJOR.MINOR.PATCH format. ``` > B) Different versions of the spec are tags or branches of the same document >From http://docs.openstack.org/developer/pbr/semver.html : ``` *Linux/Python Compatible Semantic Versioning 3.0.0* This is a fork of Semantic Versioning 2.0. The specific changes have to do with the format of pre-release and build labels, specifically to make them not confusing when co-existing with Linux distribution packaging and Python packaging. Inspiration for the format of the pre-release and build labels came from Python?s PEP440. *Changes vs **SemVer** 2.0**?* dev versions are defined. These are extremely useful when dealing with CI and CD systems when ?every commit is a release? is not feasible.All versions have been made PEP-440 compatible, because of our deep roots in Python. Pre-release versions are now separated by . not -, and use a/b/c rather than alpha/beta etc. ``` Something like v1.0.01-eb4df7f[-linux64] would have greater traceability. > > If it's B, then you'd either: > 1) only build the latest version, and construct an index of links to the unrendered old versions in vcs history > 2) use a custom build/publishing worflow that pulls versions out of history so they can be built as peers in the published version #. TBH I'm more concerned about determining downstream tool support from MAJOR.MINOR.PATCH (The PEP workflow is probably fine; I think there is need for better versioning under one heading). > > > > > > On Sun, Sep 6, 2015 at 9:26 PM, Nick Coghlan wrote: >> >> On 7 September 2015 at 14:11, Marcus Smith wrote: >> > >> > >> >> > That way, the URL works as people expect, *and* the resulting >> >> > destination gives a URL that (when inevitably copy-and-pasted) will >> >> > retain its meaning over time. >> >> >> >> Yes, ReadTheDocs does let us do that. >> > >> > >> > well, it lets you do it for a whole project. >> >> RTD also has page redirects now: >> https://read-the-docs.readthedocs.org/en/latest/user-defined-redirects.html#page-redirects >> (I thought the same thing you did, but found that when double >> checking) >> >> So we *could* redirect unqualified links to qualified ones if we >> wanted to. I just don't want to :) >> >> Cheers, >> Nick. >> >> -- >> Nick Coghlan | ncoghlan at gmail.com | Brisbane, Australia > > > > _______________________________________________ > Distutils-SIG maillist - Distutils-SIG at python.org > https://mail.python.org/mailman/listinfo/distutils-sig > -------------- next part -------------- An HTML attachment was scrubbed... URL: From wes.turner at gmail.com Mon Sep 7 19:05:15 2015 From: wes.turner at gmail.com (Wes Turner) Date: Mon, 7 Sep 2015 12:05:15 -0500 Subject: [Distutils] PEP 503 - Simple Repository API In-Reply-To: References: <55EAB949.6030603@egenix.com> Message-ID: On Sep 5, 2015 11:12 AM, "Donald Stufft" wrote: > > On September 5, 2015 at 5:43:58 AM, M.-A. Lemburg (mal at egenix.com) wrote: > > > > Hmm, if the installer will build the URL itself, why is there even > > a need for a top-level index page ? > > > > I mean for the occasional human reading the page it will certainly > > make sense to have such a page, but for the API this doesn't > > appear to be essentially needed. > > > > Or is the idea to have the package manager scan the index for package > > hosted on that index prior to asking for the package it would like > > to install ? > > The latest versions of pip won't use it, setuptools and older versions of pip > will use it though. The versions of pip/setuptools that would use it, use it as > a fallback. They don't pre-normalize the name before requesting the URL so they > just used whatever the user typed. This comes from when a project like "Django" > was at /simple/Django/ on PyPI but if a user typed ``pip install django`` it > would first fetch /simple/django/ and if that 404'd it would fall back onto > /simple/ and look for these links. On PyPI this rarely happened because PyPI > redirects /simple/anything-that-normalizes-to-the-name/ to the correct URL but > it's useful for static repositories that don't have something to redirect it > in front. > > I've tried to make it so that all of the SHOULD and MUST directives can be > implement by a standard Nginx/Apache/whatever web server with static files > while maintaining compatability with older installers. > > > > > Would it help the package manager to more easily detect the links > > that point to distribution files instead of e.g. documentation or > > other resources ? > > > > setuptools uses rel="download" for this: > > > > https://pythonhosted.org/setuptools/easy_install.html#package-index-api > > This is actually for the link spidering that PEP 470 removed, links marked with > either rel="download" or rel="homepage" would be fetched (unless they looked > installable) and searched for additional links before PEP 438/470 started to > deprecate/remove them. Both setuptools and pip only need a simple page that has > links that point to files on the, see for example the /simple/ page for > requests: https://pypi.python.org/simple/requests/ > > > > > Could we perhaps also add optional features like: > > > > * Distribution link elements MAY include a data-gpg-sig="" > > attribute to provide a GPG signature of the linked file > > > > This could later be extended to more meta data, such as platform > > tags, distribution file types, license info, mirror locations, > > documentation, help strings, etc. RDFa and JSON-LD would make this graph constraint solution solving possible. > > I actually forgot to mention the GPG signatures, currently the assumption is > that if a GPG signature exists it will live at the same location as the file > with a .asc on the end, so if the file is /packages/Django-1.0.tar.gz then the > GPG signature will be located at /packages/Django-1.0.tar.gz.asc. I'll add this > to the PEP. > > I don't want to add more features to the API, particularly not in this PEP. My > longer term plan is to work on a a new API for installers to use which will be > easier to work with. The current API is great for it's simplicity and the fact > it can be implemented on the server side with nothing more than a directory > structure full of files and python -m http.server. The plan in my head is to > add a new repository API which can handle the more complex cases AND which will > most likely be JSON based to simplify parsing of it. The simple API would not > be deprecated, it would just be up to the repository which "version" of the API > they use. For people hosting their own repositories, if they have a simple case > they will be able to get away with the simple API, but the more complex API > would offer benefits like being able to access the metadata information without > downloading the file. > > ----------------- > Donald Stufft > PGP: 0x6E3CBCE93372DCFA // 7C6B 7C5D 5E2B 6356 A926 F04F 6E3C BCE9 3372 DCFA > > > _______________________________________________ > Distutils-SIG maillist - Distutils-SIG at python.org > https://mail.python.org/mailman/listinfo/distutils-sig -------------- next part -------------- An HTML attachment was scrubbed... URL: From wes.turner at gmail.com Mon Sep 7 19:29:53 2015 From: wes.turner at gmail.com (Wes Turner) Date: Mon, 7 Sep 2015 12:29:53 -0500 Subject: [Distutils] PEP 503 - Simple Repository API In-Reply-To: References: <55EAB949.6030603@egenix.com> Message-ID: On Sep 5, 2015 11:12 AM, "Donald Stufft" wrote: > > On September 5, 2015 at 5:43:58 AM, M.-A. Lemburg (mal at egenix.com) wrote: > > > > I don't want to add more features to the API, particularly not in this PEP. My > longer term plan is to work on a a new API for installers to use which will be > easier to work with. The current API is great for it's simplicity and the fact > it can be implemented on the server side with nothing more than a directory > structure full of files and python -m http.server. The plan in my head is to > add a new repository API which can handle the more complex cases AND which will > most likely be JSON based to simplify parsing of it. The simple API would not > be deprecated, it would just be up to the repository which "version" of the API > they use. For people hosting their own repositories, if they have a simple case > they will be able to get away with the simple API, but the more complex API > would offer benefits like being able to access the metadata information without > downloading the file. I would like to help with this. There are resources with attributes And representations (HTML, JSON -> RDFa, JSON-LD) And schema.org/Action s (CRUD, star) It's probably possible to convert to RDFa and JSONLD and add the existing metadata Without yet a PEP metadata 3.0.1 > > ----------------- > Donald Stufft > PGP: 0x6E3CBCE93372DCFA // 7C6B 7C5D 5E2B 6356 A926 F04F 6E3C BCE9 3372 DCFA > > > _______________________________________________ > Distutils-SIG maillist - Distutils-SIG at python.org > https://mail.python.org/mailman/listinfo/distutils-sig -------------- next part -------------- An HTML attachment was scrubbed... URL: From qwcode at gmail.com Mon Sep 7 19:51:56 2015 From: qwcode at gmail.com (Marcus Smith) Date: Mon, 7 Sep 2015 10:51:56 -0700 Subject: [Distutils] Working toward Linux wheel support In-Reply-To: References: <8537yr9ksp.fsf@benfinney.id.au> Message-ID: Wes, this isn't about the versioning scheme for Specs or PEPS. For *whatever* scheme we have, my discussion was about how to render all the "current" versions we support in a Sphinx project. in short, should the current versions we want to publish be distinct documents or not. > The PEP workflow is probably fine well, if you look up in the thread, a few of us are saying it's not. It doesn't distinguish Current Specs vs Proposals very well. On Mon, Sep 7, 2015 at 9:40 AM, Wes Turner wrote: > MAJOR.MINOR.PATCH[-rev] would be helpful for these (and other) PEPs. > > On Sep 7, 2015 10:36 AM, "Marcus Smith" wrote: > > > > I'm still unclear on whether you'd want A or B: > > > > A) Different major/minor versions of the spec are different documents > > From http://semver.org Semantic Versioning 2.0 : > > ``` > Given a version number MAJOR.MINOR.PATCH, increment the: > > - MAJOR version when you make incompatible API changes, > - MINOR version when you add functionality in a backwards-compatible > manner, and > - PATCH version when you make backwards-compatible bug fixes. > > Additional labels for pre-release and build metadata are available as > extensions to the MAJOR.MINOR.PATCH format. > ``` > > > B) Different versions of the spec are tags or branches of the same > document > > From http://docs.openstack.org/developer/pbr/semver.html : > > ``` > *Linux/Python Compatible Semantic Versioning 3.0.0* > > This is a fork of Semantic Versioning 2.0. The specific changes have to do > with the format of pre-release and build labels, specifically to make them > not confusing when co-existing with Linux distribution packaging and Python > packaging. Inspiration for the format of the pre-release and build labels > came from Python?s PEP440. > > *Changes vs **SemVer** 2.0**?* > > > dev versions are defined. These are extremely useful when dealing with CI > and CD systems when ?every commit is a release? is not feasible.All > versions have been made PEP-440 compatible, because of our deep roots in > Python. Pre-release versions are now separated by . not -, and use a/b/c > rather than alpha/beta etc. > ``` > > Something like v1.0.01-eb4df7f[-linux64] would have greater traceability. > > > > > If it's B, then you'd either: > > 1) only build the latest version, and construct an index of links to the > unrendered old versions in vcs history > > 2) use a custom build/publishing worflow that pulls versions out of > history so they can be built as peers in the published version > > #. TBH I'm more concerned about determining downstream tool support from > MAJOR.MINOR.PATCH > (The PEP workflow is probably fine; I think there is need for better > versioning under one heading). > > > > > > > > > > > > > On Sun, Sep 6, 2015 at 9:26 PM, Nick Coghlan wrote: > >> > >> On 7 September 2015 at 14:11, Marcus Smith wrote: > >> > > >> > > >> >> > That way, the URL works as people expect, *and* the resulting > >> >> > destination gives a URL that (when inevitably copy-and-pasted) will > >> >> > retain its meaning over time. > >> >> > >> >> Yes, ReadTheDocs does let us do that. > >> > > >> > > >> > well, it lets you do it for a whole project. > >> > >> RTD also has page redirects now: > >> > https://read-the-docs.readthedocs.org/en/latest/user-defined-redirects.html#page-redirects > >> (I thought the same thing you did, but found that when double > >> checking) > >> > >> So we *could* redirect unqualified links to qualified ones if we > >> wanted to. I just don't want to :) > >> > >> Cheers, > >> Nick. > >> > >> -- > >> Nick Coghlan | ncoghlan at gmail.com | Brisbane, Australia > > > > > > > > _______________________________________________ > > Distutils-SIG maillist - Distutils-SIG at python.org > > https://mail.python.org/mailman/listinfo/distutils-sig > > > -------------- next part -------------- An HTML attachment was scrubbed... URL: From qwcode at gmail.com Mon Sep 7 20:13:22 2015 From: qwcode at gmail.com (Marcus Smith) Date: Mon, 7 Sep 2015 11:13:22 -0700 Subject: [Distutils] "Specs" vs "Proposals" Message-ID: pulling this idea out of the "Linux wheel support" thread, since it deserves it's own thread... the idea being that we should better distinguish: 1) the current packaging "Specs" (for metadata, versions, etc...) vs 2) Proposals to change them currently, we just have PEPs that serve both roles. so the idea would be to: 1) house current specs at packaging.python.org... basically a document tree that's organized by topic, not numbers and it's free of proposal rationales, historical discussion, and transition plans etc... 2) keep using the PEP process for adjusting or adding to the specs and assuming that approach, I raised a few "publishing" questions: 1) do we publish/render all supported versions of a certain spec, or just the latest 2) if we publish them all, then how? do we maintain separate documents for distinct versions? if not, how do we do it? --Marcus -------------- next part -------------- An HTML attachment was scrubbed... URL: From mal at egenix.com Mon Sep 7 23:05:15 2015 From: mal at egenix.com (M.-A. Lemburg) Date: Mon, 07 Sep 2015 23:05:15 +0200 Subject: [Distutils] PEP 503 - Simple Repository API In-Reply-To: References: <55EAB949.6030603@egenix.com> Message-ID: <55EDFC0B.7000200@egenix.com> On 05.09.2015 18:12, Donald Stufft wrote: > On September 5, 2015 at 5:43:58 AM, M.-A. Lemburg (mal at egenix.com) wrote: >> >> Hmm, if the installer will build the URL itself, why is there even >> a need for a top-level index page ? >> >> I mean for the occasional human reading the page it will certainly >> make sense to have such a page, but for the API this doesn't >> appear to be essentially needed. >> >> Or is the idea to have the package manager scan the index for package >> hosted on that index prior to asking for the package it would like >> to install ? > > The latest versions of pip won't use it, setuptools and older versions of pip > will use it though. The versions of pip/setuptools that would use it, use it as > a fallback. They don't pre-normalize the name before requesting the URL so they > just used whatever the user typed. This comes from when a project like "Django" > was at /simple/Django/ on PyPI but if a user typed ``pip install django`` it > would first fetch /simple/django/ and if that 404'd it would fall back onto > /simple/ and look for these links. On PyPI this rarely happened because PyPI > redirects /simple/anything-that-normalizes-to-the-name/ to the correct URL but > it's useful for static repositories that don't have something to redirect it > in front. > > I've tried to make it so that all of the SHOULD and MUST directives can be > implement by a standard Nginx/Apache/whatever web server with static files > while maintaining compatability with older installers. Yes, understood, and that's good. Perhaps having an index page is a good thing if we want package managers to implement search functionality. >> Would it help the package manager to more easily detect the links >> that point to distribution files instead of e.g. documentation or >> other resources ? >> >> setuptools uses rel="download" for this: >> >> https://pythonhosted.org/setuptools/easy_install.html#package-index-api > > This is actually for the link spidering that PEP 470 removed, links marked with > either rel="download" or rel="homepage" would be fetched (unless they looked > installable) and searched for additional links before PEP 438/470 started to > deprecate/remove them. Both setuptools and pip only need a simple page that has > links that point to files on the, see for example the /simple/ page for > requests: https://pypi.python.org/simple/requests/ Right. Perhaps I should have made the use case I'm thinking of more obvious: If you set up a page with links to projects and distribution files, you will likely not make completely unstyled but instead integrate it into some website which also has lots of other links to e.g. other parts of the website, images, documentation, etc. In such a setup, the package manager would see lots and lots of links which are not relevant for the task. With the rel attributes, the package manager can focus on those links which are relevant. That's also the main reason for having those rel links in setuptools. >> Could we perhaps also add optional features like: >> >> * Distribution link elements MAY include a data-gpg-sig="" >> attribute to provide a GPG signature of the linked file >> >> This could later be extended to more meta data, such as platform >> tags, distribution file types, license info, mirror locations, >> documentation, help strings, etc. > > I actually forgot to mention the GPG signatures, currently the assumption is > that if a GPG signature exists it will live at the same location as the file > with a .asc on the end, so if the file is /packages/Django-1.0.tar.gz then the > GPG signature will be located at /packages/Django-1.0.tar.gz.asc. I'll add this > to the PEP. Hmm, that's convention based and does not allow detecting the presence of such signatures without actually trying a download. I think it would be better to make the availability explicit by adding an attribute to the link element (just like for other such features). > I don't want to add more features to the API, particularly not in this PEP. My > longer term plan is to work on a a new API for installers to use which will be > easier to work with. The current API is great for it's simplicity and the fact > it can be implemented on the server side with nothing more than a directory > structure full of files and python -m http.server. The plan in my head is to > add a new repository API which can handle the more complex cases AND which will > most likely be JSON based to simplify parsing of it. The simple API would not > be deprecated, it would just be up to the repository which "version" of the API > they use. For people hosting their own repositories, if they have a simple case > they will be able to get away with the simple API, but the more complex API > would offer benefits like being able to access the metadata information without > downloading the file. A dynamic API is nice to have for more complex queries, but there's nothing like a set of static files which you can just put up on a file server or CDN to deploy. I think there's a lot more meta data which can be put into such a static version of a repository. The idea of trying to put meta data into file names doesn't work (tried that, failed every time :-)). Conventions like the .asc sig idea can go a little further, but fails badly when those conventions result in lots of needless 404s requests. HTML is all about meta data, HTML5 even more, so why not use it for this purpose ? A dynamic API can be added as addition, but is hardly ever required for installation. Anyway, I can understand why you would not want to make the PEP more complex, so all this is just an attempt to push a little in the above direction and at least make some of things optional standard extensions of the standard (must like we do for the DB-API on the DB-SIG list). -- Marc-Andre Lemburg eGenix.com Professional Python Services directly from the Source (#1, Sep 07 2015) >>> Python Projects, Coaching and Consulting ... http://www.egenix.com/ >>> mxODBC Plone/Zope Database Adapter ... http://zope.egenix.com/ >>> mxODBC, mxDateTime, mxTextTools ... http://python.egenix.com/ ________________________________________________________________________ 2015-08-27: Released eGenix mx Base 3.2.9 ... http://egenix.com/go83 2015-09-18: PyCon UK 2015 ... 11 days to go ::::: Try our mxODBC.Connect Python Database Interface for free ! :::::: eGenix.com Software, Skills and Services GmbH Pastor-Loeh-Str.48 D-40764 Langenfeld, Germany. CEO Dipl.-Math. Marc-Andre Lemburg Registered at Amtsgericht Duesseldorf: HRB 46611 http://www.egenix.com/company/contact/ From wes.turner at gmail.com Tue Sep 8 00:16:48 2015 From: wes.turner at gmail.com (Wes Turner) Date: Mon, 7 Sep 2015 17:16:48 -0500 Subject: [Distutils] Working toward Linux wheel support In-Reply-To: References: <8537yr9ksp.fsf@benfinney.id.au> Message-ID: On Sep 7, 2015 12:51 PM, "Marcus Smith" wrote: > > Wes, this isn't about the versioning scheme for Specs or PEPS. > For *whatever* scheme we have, my discussion was about how to render all the "current" versions we support in a Sphinx project. More or less itertools.product and a sphinx directive for ~CSVW? Marcus, we could change the subject line. The objective here, IIUC, is to generate and maintain the expanded set of packages and their metadata [[[ with the ability to download all/subset of the package metadata [ without having to execute each and every setup.py [ again ] ] ]]]. Possible subject lines: * [ ] Add RDFa to pypi and warehouse * [ ] Add JSONLD to pypi and warehouse * "PEP ???: Metadata 3.0.1" * "Re: [Python-ideas] Increasing public package discoverability (was: Adding jsonschema to the standard library)" * https://groups.google.com/d/msg/python-ideas/3MRVM6C6bQU/76hWP7bFgiwJ * https://groups.google.com/d/msg/python-ideas/3MRVM6C6bQU/VXq3yHcrCxcJ ``` So there is a schema.org/SoftwareApplication (or doap:Project, or seon:) Resource, which has * a unique URI (e.g. http://python.org/pypi/readme) * JSON metadata extracted from setup.py into pydist.json (setuptools, wheel) - [ ] create JSON-LD @context - [ ] create mappings to standard schema * [ ] http://schema.org/SoftwareApplication * [ ] http://schema.org/SoftwareSourceCode In terms of schema.org, a Django Packages resource has: * [ ] a unique URI * [ ] typed features (predicates with ranges) * [ ] http://schema.org/review * [ ] http://schema.org/VoteAction * [ ] http://schema.org/LikeAction ``` There is a matrix of packages that could, should, are uploaded; which is a subset of a [giant global] graph; which can be most easily represented in an RDF graph representation format like RDFa, JSON-LD, CSVW. * setup.py * requirements[-test|-docs][-dev][.peep].txt * tox.ini -- tox grid (+docker = dox) * Jenkins grid * --> Pypi (e.g. with twine) This does something more sequential than itertools.product w/ a Requirement namedtuple and a RequirementsMap to iterate through (for generating combinations of requirements-{test,dev,{extras}}: * https://github.com/westurner/pyleset/blob/57140bcef53/setup.py * https://github.com/westurner/pyleset/tree/57140bcef53/requirements > in short, should the current versions we want to publish be distinct documents or not. > > > The PEP workflow is probably fine > > well, if you look up in the thread, a few of us are saying it's not. It doesn't distinguish Current Specs vs Proposals very well. How would you add that metadata to the version string (according to PEP 440)? Semver 3.0 (pbr) >From http://docs.openstack.org/developer/pbr/semver.html : Example: 1.0.0.dev8 < 1.0.0.dev9 < 1.0.0.a1.dev3 < 1.0.0.a1 < 1.0.0.b2 < 1.0.0.c1 < 1.0.0 > > > On Mon, Sep 7, 2015 at 9:40 AM, Wes Turner wrote: >> >> MAJOR.MINOR.PATCH[-rev] would be helpful for these (and other) PEPs. >> >> On Sep 7, 2015 10:36 AM, "Marcus Smith" wrote: >> > >> > I'm still unclear on whether you'd want A or B: >> > >> > A) Different major/minor versions of the spec are different documents >> >> From http://semver.org Semantic Versioning 2.0 : >> >> ``` >> Given a version number MAJOR.MINOR.PATCH, increment the: >> >> - MAJOR version when you make incompatible API changes, >> - MINOR version when you add functionality in a backwards-compatible manner, and >> - PATCH version when you make backwards-compatible bug fixes. >> >> Additional labels for pre-release and build metadata are available as extensions to the MAJOR.MINOR.PATCH format. >> ``` >> >> > B) Different versions of the spec are tags or branches of the same document >> >> From http://docs.openstack.org/developer/pbr/semver.html : >> >> ``` >> Linux/Python Compatible Semantic Versioning 3.0.0 >> >> This is a fork of Semantic Versioning 2.0. The specific changes have to do with the format of pre-release and build labels, specifically to make them not confusing when co-existing with Linux distribution packaging and Python packaging. Inspiration for the format of the pre-release and build labels came from Python?s PEP440. >> >> Changes vs SemVer 2.0? >> >> dev versions are defined. These are extremely useful when dealing with CI and CD systems when ?every commit is a release? is not feasible.All versions have been made PEP-440 compatible, because of our deep roots in Python. Pre-release versions are now separated by . not -, and use a/b/c rather than alpha/beta etc. >> ``` >> >> Something like v1.0.01-eb4df7f[-linux64] would have greater traceability. >> >> > >> > If it's B, then you'd either: >> > 1) only build the latest version, and construct an index of links to the unrendered old versions in vcs history >> > 2) use a custom build/publishing worflow that pulls versions out of history so they can be built as peers in the published version >> >> #. TBH I'm more concerned about determining downstream tool support from MAJOR.MINOR.PATCH >> (The PEP workflow is probably fine; I think there is need for better versioning under one heading). >> >> > >> > >> > >> > >> > >> > On Sun, Sep 6, 2015 at 9:26 PM, Nick Coghlan wrote: >> >> >> >> On 7 September 2015 at 14:11, Marcus Smith wrote: >> >> > >> >> > >> >> >> > That way, the URL works as people expect, *and* the resulting >> >> >> > destination gives a URL that (when inevitably copy-and-pasted) will >> >> >> > retain its meaning over time. >> >> >> >> >> >> Yes, ReadTheDocs does let us do that. >> >> > >> >> > >> >> > well, it lets you do it for a whole project. >> >> >> >> RTD also has page redirects now: >> >> https://read-the-docs.readthedocs.org/en/latest/user-defined-redirects.html#page-redirects >> >> (I thought the same thing you did, but found that when double >> >> checking) >> >> >> >> So we *could* redirect unqualified links to qualified ones if we >> >> wanted to. I just don't want to :) >> >> >> >> Cheers, >> >> Nick. >> >> >> >> -- >> >> Nick Coghlan | ncoghlan at gmail.com | Brisbane, Australia >> > >> > >> > >> > _______________________________________________ >> > Distutils-SIG maillist - Distutils-SIG at python.org >> > https://mail.python.org/mailman/listinfo/distutils-sig >> > > > -------------- next part -------------- An HTML attachment was scrubbed... URL: From wes.turner at gmail.com Tue Sep 8 00:29:51 2015 From: wes.turner at gmail.com (Wes Turner) Date: Mon, 7 Sep 2015 17:29:51 -0500 Subject: [Distutils] "Specs" vs "Proposals" In-Reply-To: References: Message-ID: > > > well, if you look up in the thread, a few of us are saying it's not. It > doesn't distinguish Current Specs vs Proposals very well. > How would you add that metadata to the version string (according to PEP > 440)? Semver 3.0 (pbr) > From http://docs.openstack.org/developer/pbr/semver.html : > Example: 1.0.0.dev8 < 1.0.0.dev9 < 1.0.0.a1.dev3 < 1.0.0.a1 < 1.0.0.b2 > < 1.0.0.c1 < 1.0.0 On Mon, Sep 7, 2015 at 1:13 PM, Marcus Smith wrote: > pulling this idea out of the "Linux wheel support" thread, since it > deserves it's own thread... > > the idea being that we should better distinguish: > 1) the current packaging "Specs" (for metadata, versions, etc...) > vs > 2) Proposals to change them > > currently, we just have PEPs that serve both roles. > > so the idea would be to: > 1) house current specs at packaging.python.org... basically a document > tree that's organized by topic, not numbers and it's free of proposal > rationales, historical discussion, and transition plans etc... > * https://packaging.python.org/en/latest/glossary.html#term-version-specifier -> pypa.io/en/latest/peps * https://www.pypa.io/en/latest/peps * https://github.com/pypa/pypa.io/blob/master/source/peps.rst > 2) keep using the PEP process for adjusting or adding to the specs > > and assuming that approach, I raised a few "publishing" questions: > 1) do we publish/render all supported versions of a certain spec, or just > the latest > 2) if we publish them all, then how? do we maintain separate documents > for distinct versions? if not, how do we do it? > Tagged [semver 3.0 (+1)] versions can be managed *individually* with readthedocs. One old-school way to do this would be to e.g. write a conf.py and a sphinx adapter for PEPs: https://github.com/python/peps And copy/paste with version strings at the end of filenames > > --Marcus > > > > _______________________________________________ > Distutils-SIG maillist - Distutils-SIG at python.org > https://mail.python.org/mailman/listinfo/distutils-sig > > -------------- next part -------------- An HTML attachment was scrubbed... URL: From qwcode at gmail.com Tue Sep 8 01:01:24 2015 From: qwcode at gmail.com (Marcus Smith) Date: Mon, 7 Sep 2015 16:01:24 -0700 Subject: [Distutils] "Specs" vs "Proposals" In-Reply-To: References: Message-ID: > so the idea would be to: >> 1) house current specs at packaging.python.org... basically a document >> tree that's organized by topic, not numbers and it's free of proposal >> rationales, historical discussion, and transition plans etc... >> > > * > https://packaging.python.org/en/latest/glossary.html#term-version-specifier > -> pypa.io/en/latest/peps > * https://www.pypa.io/en/latest/peps > * https://github.com/pypa/pypa.io/blob/master/source/peps.rst > > I can't make sense of how these links are a response to point #1? I wrote the PEP summary page you're linking me too, so I'm aware of it : ) This summary page is *not* the Specs idea. Maybe a picture is worth a thousand words here.... and will require a draft PR against the PyPUG to make it clear to everyone > 2) keep using the PEP process for adjusting or adding to the specs >> >> and assuming that approach, I raised a few "publishing" questions: >> 1) do we publish/render all supported versions of a certain spec, or just >> the latest >> 2) if we publish them all, then how? do we maintain separate documents >> for distinct versions? if not, how do we do it? >> > > Tagged [semver 3.0 (+1)] versions can be managed *individually* with > readthedocs. > sorry, I don't follow your point. -------------- next part -------------- An HTML attachment was scrubbed... URL: From ncoghlan at gmail.com Tue Sep 8 02:43:27 2015 From: ncoghlan at gmail.com (Nick Coghlan) Date: Tue, 8 Sep 2015 10:43:27 +1000 Subject: [Distutils] PEP 503 - Simple Repository API In-Reply-To: References: <55EAB949.6030603@egenix.com> Message-ID: On 8 September 2015 at 03:05, Wes Turner wrote: > On Sep 5, 2015 11:12 AM, "Donald Stufft" wrote: >> > This could later be extended to more meta data, such as platform >> > tags, distribution file types, license info, mirror locations, >> > documentation, help strings, etc. > > RDFa and JSON-LD would make this graph constraint solution solving possible. Wes, we know you like these technologies, and want to see us use them - you don't need to bring them up every time we mention a graphing problem. They're great candidates to consider integrating into the metadata 2.0 design, as long as the dependencies for processing them at runtime aren't too heavy. However, they're not even *remotely* on the radar for problem solving within the metadata 1.x framework, and there are still a lot of problems we can resolve within that structure that will help inform the metadata 2.0 design. Regards, Nick. -- Nick Coghlan | ncoghlan at gmail.com | Brisbane, Australia From ncoghlan at gmail.com Tue Sep 8 03:07:33 2015 From: ncoghlan at gmail.com (Nick Coghlan) Date: Tue, 8 Sep 2015 11:07:33 +1000 Subject: [Distutils] PEP 503 - Simple Repository API In-Reply-To: References: <55EAB949.6030603@egenix.com> Message-ID: On 8 September 2015 at 10:43, Nick Coghlan wrote: > On 8 September 2015 at 03:05, Wes Turner wrote: >> On Sep 5, 2015 11:12 AM, "Donald Stufft" wrote: >>> > This could later be extended to more meta data, such as platform >>> > tags, distribution file types, license info, mirror locations, >>> > documentation, help strings, etc. >> >> RDFa and JSON-LD would make this graph constraint solution solving possible. > > Wes, we know you like these technologies, and want to see us use them > - you don't need to bring them up every time we mention a graphing > problem. They're great candidates to consider integrating into the > metadata 2.0 design, as long as the dependencies for processing them > at runtime aren't too heavy. I've now filed an issue for that at https://github.com/pypa/interoperability-peps/issues/31 There are also a range of other open issues from my old repo that require review to see if they should be transferred over to the shared repo, or just marked as closed: https://bitbucket.org/pypa/pypi-metadata-formats/issues?status=new&status=open&component=Metadata%202.x Cheers, Nick. -- Nick Coghlan | ncoghlan at gmail.com | Brisbane, Australia From ncoghlan at gmail.com Tue Sep 8 03:30:28 2015 From: ncoghlan at gmail.com (Nick Coghlan) Date: Tue, 8 Sep 2015 11:30:28 +1000 Subject: [Distutils] Working toward Linux wheel support In-Reply-To: References: <8537yr9ksp.fsf@benfinney.id.au> Message-ID: On 8 September 2015 at 01:36, Marcus Smith wrote: > I'm still unclear on whether you'd want A or B: > > A) Different major/minor versions of the spec are different documents > B) Different versions of the spec are tags or branches of the same document I'm mainly thinking A, using versionadded tags for minor updates, and new files for major updates. The key thing I'd like to avoid is version pinning where we have to uprev a higher level spec (e.g. the wheel format) just because a lower level spec (e.g. compatibility tags) was updated in a backwards compatible way. Using PEP numbers for cross-links between specifications the way we do now doesn't give us that. So, using that as an example, suppose we used a series focused naming convention like: https://packaging.python.org/specifications/wheel-1.x.html This would contain the wheel 1.x specification, with versionadded tags for everything introduced post 1.0. Then, rather than referring to PEP 425 specifically as it does today, the wheel 1.x specification would instead refer to https://packaging.python.org/specifications/compatibility-tags-1.x.html Cheers, Nick. -- Nick Coghlan | ncoghlan at gmail.com | Brisbane, Australia From donald at stufft.io Tue Sep 8 03:37:59 2015 From: donald at stufft.io (Donald Stufft) Date: Mon, 7 Sep 2015 21:37:59 -0400 Subject: [Distutils] PEP 503 - Simple Repository API In-Reply-To: <55EDFC0B.7000200@egenix.com> References: <55EAB949.6030603@egenix.com> <55EDFC0B.7000200@egenix.com> Message-ID: On September 7, 2015 at 5:05:24 PM, M.-A. Lemburg (mal at egenix.com) wrote: > > In such a setup, the package manager would see lots and lots of > links which are not relevant for the task. With the rel attributes, > the package manager can focus on those links which are relevant. > That's also the main reason for having those rel links in setuptools. Well I mean, setuptools is still going to inspect each link with or without a rel="download|homepage" to see if it "looks installable", which is the same thing that pip does. I should probably call out explicitly that you cannot assume that every single URL is a file though, that some may be unrelated. If we were designing this from scratch I might agree with you, though I think one of the biggest benefits of the "simple" repository is that it's extremely simple for someone to get started with it, a file system and basically any? web server is enough. So I'm not sure it's worth it to add the explicit rel even if we were going from scratch if we lose that property. > > Hmm, that's convention based and does not allow detecting > the presence of such signatures without actually trying a download. > > I think it would be better to make the availability explicit > by adding an attribute to the link element (just like for other > such features). I'm OK with adding the attribute to links, though we should still mandate the location. Neither pip nor setuptools will do anything with the PGP signatures but some other tooling might. The legacy behavior of "just try the link" will still work then, and if someone wants to do it more efficiently the attribute is there. I'm not sure it's going to be generally useful since the signing on PyPI doesn't really have a coherent threat model so it doesn't really protect against much. > > A dynamic API can be added as addition, but is hardly ever required > for installation. I think I've misled you! I have no plans to make the installer API dynamic. I want as many requests as possible to be served out of the Fastly cache instead of hitting the backends as possible which means whatever we end up with will focus on static responses and expecting the clients to do more requests and handle more things on the client side rather than just querying the server for it. However, I don't think that HTML is a very good data serialization format, it's primary purpose is for document markup which isn't really the same thing as data serialization. One such shortcoming is the total lack of any real data type except for strings, looking at just the "has gpg signature" thing from above, it'd be nicer if that could be modeled as: ? ? [ ? ? ? ? {"url": "/path/to/filename.tar.gz", "has_sig": True} ? ? ] Instead of relying on the presence or absence of a value (which doens't work if you need to detect the difference between False/None) or using special values that can be converted to some other data type if you know ahead of time you need to do that for that particular value. I don't know for a fact it'll be JSON, but I think it's an obvious choice given that it's in the standard library, it's a reasonable data serialization format, and it's human readable. When it comes to that time I think it'd be reasonable to explore other formats to see if they make sense too, but whatever it will be it's my intent it'll be static. ----------------- Donald Stufft PGP: 0x6E3CBCE93372DCFA // 7C6B 7C5D 5E2B 6356 A926 F04F 6E3C BCE9 3372 DCFA From ncoghlan at gmail.com Tue Sep 8 03:52:39 2015 From: ncoghlan at gmail.com (Nick Coghlan) Date: Tue, 8 Sep 2015 11:52:39 +1000 Subject: [Distutils] "Specs" vs "Proposals" In-Reply-To: References: Message-ID: On 8 September 2015 at 04:13, Marcus Smith wrote: > and assuming that approach, I raised a few "publishing" questions: > 1) do we publish/render all supported versions of a certain spec, or just > the latest > 2) if we publish them all, then how? do we maintain separate documents for > distinct versions? if not, how do we do it? Ah, I missed you'd broken this out to a new thread before replying to the old one. My concrete proposal would be to use a structure like the following: https://packaging.python.org/specifications/versioning-1.x.html https://packaging.python.org/specifications/compatibility-tags-1.x.html https://packaging.python.org/specifications/wheel-format-1.x.html The underlying principle behind that naming scheme is that I *want* to support revising lower level specifications (like compatibility tags), without also revising higher level specifications to refer to the new version. If that's *not* appropriate for a particular change, then it suggests we may actually need a major version bump in the lower level spec (even if it can be accounted for through a backwards compatible change in the higher level specs). My rationale from that comes from the proposed approach to metadata versioning in PEP 426: =============== Automated tools consuming metadata SHOULD warn if metadata_version is greater than the highest version they support, and MUST fail if metadata_version has a greater major version than the highest version they support (as described in PEP 440 , the major version is the value before the first dot). =============== >From a tooling perspective, this "file per major version" approach also creates a substantially different review workflow for minor and major revisions. For minor revisions, the review would be of a PR against the existing specification. For major revisions, it would be a review of a completely new file. My rationale behind having the "1.x" in the URL rather than just "1" is that I see it as a subtle reminder that the specs may be updated in-place for backwards compatible changes, and that this is by design - we're applying iterative design principles to software distribution interoperability specifications, so this isn't a "set it and forget it forever" kind of exercise on the part of tooling developers. Regards, Nick. -- Nick Coghlan | ncoghlan at gmail.com | Brisbane, Australia From wes.turner at gmail.com Tue Sep 8 05:19:04 2015 From: wes.turner at gmail.com (Wes Turner) Date: Mon, 7 Sep 2015 22:19:04 -0500 Subject: [Distutils] PEP 503 - Simple Repository API In-Reply-To: References: <55EAB949.6030603@egenix.com> <55EDFC0B.7000200@egenix.com> Message-ID: On Mon, Sep 7, 2015 at 8:37 PM, Donald Stufft wrote: > On September 7, 2015 at 5:05:24 PM, M.-A. Lemburg (mal at egenix.com) wrote: > > > > In such a setup, the package manager would see lots and lots of > > links which are not relevant for the task. With the rel attributes, > > the package manager can focus on those links which are relevant. > > That's also the main reason for having those rel links in setuptools. > > Well I mean, setuptools is still going to inspect each link with or > without a > rel="download|homepage" to see if it "looks installable", which is the same > thing that pip does. I should probably call out explicitly that you cannot > assume that every single URL is a file though, that some may be unrelated. > So, with RDFa these would be something like https://en.wikipedia.org/wiki/RDFa#Examples
But I'd really prefer to just grab a block of JSON-LD from the top of the page (and/or a attribute). >From https://en.wikipedia.org/wiki/Schema.org#JSON-LD : ```html ``` > > > If we were designing this from scratch I might agree with you, though I > think > one of the biggest benefits of the "simple" repository is that it's > extremely > simple for someone to get started with it, a file system and basically any > web server is enough. So I'm not sure it's worth it to add the explicit rel > even if we were going from scratch if we lose that property. > > > > > Hmm, that's convention based and does not allow detecting > > the presence of such signatures without actually trying a download. > > > > I think it would be better to make the availability explicit > > by adding an attribute to the link element (just like for other > > such features). > > I'm OK with adding the attribute to links, though we should still mandate > the > location. Neither pip nor setuptools will do anything with the PGP > signatures > but some other tooling might. The legacy behavior of "just try the link" > will > still work then, and if someone wants to do it more efficiently the > attribute > is there. I'm not sure it's going to be generally useful since the signing > on > PyPI doesn't really have a coherent threat model so it doesn't really > protect > against much. > > > > > A dynamic API can be added as addition, but is hardly ever required > > for installation. > > I think I've misled you! > > I have no plans to make the installer API dynamic. I want as many requests > as > possible to be served out of the Fastly cache instead of hitting the > backends > as possible which means whatever we end up with will focus on static > responses > and expecting the clients to do more requests and handle more things on the > client side rather than just querying the server for it. > OT, indeed, but for/against downloading the *entire* package catalog (like yum,conda,dnf)? > > However, I don't think that HTML is a very good data serialization format, > it's > primary purpose is for document markup which isn't really the same thing as > data serialization. One such shortcoming is the total lack of any real data > type except for strings, looking at just the "has gpg signature" thing from > above, it'd be nicer if that could be modeled as: > > [ > {"url": "/path/to/filename.tar.gz", "has_sig": True} > ] > > Instead of relying on the presence or absence of a value (which doens't > work > if you need to detect the difference between False/None) or using special > values that can be converted to some other data type if you know ahead of > time > you need to do that for that particular value. > > I don't know for a fact it'll be JSON, but I think it's an obvious choice > given > that it's in the standard library, it's a reasonable data serialization > format, > and it's human readable. When it comes to that time I think it'd be > reasonable > to explore other formats to see if they make sense too, but whatever it > will > be it's my intent it'll be static. > JSON-LD is/should be parseable without a JSON-LD library (the @context (which can be implicit or explicit) is just ignored) > > ----------------- > Donald Stufft > PGP: 0x6E3CBCE93372DCFA // 7C6B 7C5D 5E2B 6356 A926 F04F 6E3C BCE9 3372 > DCFA > > > _______________________________________________ > Distutils-SIG maillist - Distutils-SIG at python.org > https://mail.python.org/mailman/listinfo/distutils-sig > -------------- next part -------------- An HTML attachment was scrubbed... URL: From nate at bx.psu.edu Tue Sep 8 19:29:29 2015 From: nate at bx.psu.edu (Nate Coraor) Date: Tue, 8 Sep 2015 13:29:29 -0400 Subject: [Distutils] Working toward Linux wheel support In-Reply-To: References: Message-ID: On Mon, Sep 7, 2015 at 12:02 PM, Donald Stufft wrote: > On September 3, 2015 at 1:23:03 PM, Nate Coraor (nate at bx.psu.edu) wrote: > > >>> > > >>> I'll create PRs for this against wheel and pip shortly. I can also > work > > >>> on a PEP for the platform tag - I don't think it's going to need to > be a > > >>> big one. Are there any preferences as to whether this should be a > new PEP > > >>> or an update to 425? > > >>> > > Coming back to this, I'm wondering if we should include the libc > implementation/version in a less generic, but still generic linux wheel. > Right > now if you staticly link I think the only platform ABIs you need to worry > about > are libc and Python itself. Python itself is handled already but libc is > not. The only thing I've seen so far is "build on an old enough version of glibc > that it handles anything sane", but not all versions of Linux even use > glibc at > all. This proposal makes a lot of sense to me. pip will need an update to do the backwards compatibility, and it may be a little ugly to do this all on the platform tag. For example, linux_x86_64_ubuntu_12_04 wheels should not be installed on systems that identify as linux_x86_64_ubuntu_14_04, but linux_x86_64_glibc_2_15 wheels can be installed on systems that identify as linux_x86_64_glibc_2_19. pip would need to maintain a list of which tag prefixes or patterns should be considered backward compatible, and which should not. Granted, new libcs do not pop up overnight, so it's not exactly a nightmare scenario. Wheel should be updated to generate the "libc-generic" wheels by default when nothing other than libc is dynamically linked. It'll need libc vendor/version detection. Alternatively, the platform tag could be split in two, in which case you have a "generic" portion (which would probably be what it currently is, distutils.util.get_platform()) and a "specific" portion (the distro or libc), possibly prefixed with something to avoid having to maintain a list of what's version compatible and what's not, (e.g. 'd_ubuntu_14_04' vs. 'c_glibc_2_19')? I don't think there is a strong case to include the libc version in the specific portion when a distro version will also be specified, because the distro is supposed to define the ABI (at least in the case of distros with stable ABIs), and that includes the libc compatibility. So for psycopg2 wheels you'd get a "distro" wheel (linux_x86_64-d_ubuntu_14_04) but for SQLAlchemy, you'd get a "libc-generic" wheel (linux_x86_64-c_glibc_2_19). It's then up to PyPI project owners to build on whatever platforms they wish to support. --nate > > ----------------- > Donald Stufft > PGP: 0x6E3CBCE93372DCFA // 7C6B 7C5D 5E2B 6356 A926 F04F 6E3C BCE9 3372 > DCFA > > > -------------- next part -------------- An HTML attachment was scrubbed... URL: From donald at stufft.io Tue Sep 8 20:33:05 2015 From: donald at stufft.io (Donald Stufft) Date: Tue, 8 Sep 2015 14:33:05 -0400 Subject: [Distutils] Working toward Linux wheel support In-Reply-To: References: Message-ID: On September 8, 2015 at 1:29:53 PM, Nate Coraor (nate at bx.psu.edu) wrote: > On Mon, Sep 7, 2015 at 12:02 PM, Donald Stufft wrote: > > > On September 3, 2015 at 1:23:03 PM, Nate Coraor (nate at bx.psu.edu) wrote: > > > >>> > > > >>> I'll create PRs for this against wheel and pip shortly. I can also > > work > > > >>> on a PEP for the platform tag - I don't think it's going to need to > > be a > > > >>> big one. Are there any preferences as to whether this should be a > > new PEP > > > >>> or an update to 425? > > > >>> > > > > Coming back to this, I'm wondering if we should include the libc > > implementation/version in a less generic, but still generic linux wheel. > > Right > > now if you staticly link I think the only platform ABIs you need to worry > > about > > are libc and Python itself. Python itself is handled already but libc is > > not. > > The only thing I've seen so far is "build on an old enough version of glibc > > that it handles anything sane", but not all versions of Linux even use > > glibc at > > all. > > > This proposal makes a lot of sense to me. pip will need an update to do the > backwards compatibility, and it may be a little ugly to do this all on the > platform tag. For example, linux_x86_64_ubuntu_12_04 wheels should not be > installed on systems that identify as linux_x86_64_ubuntu_14_04, but > linux_x86_64_glibc_2_15 wheels can be installed on systems that identify as > linux_x86_64_glibc_2_19. pip would need to maintain a list of which tag > prefixes or patterns should be considered backward compatible, and which > should not. Granted, new libcs do not pop up overnight, so it's not exactly > a nightmare scenario. > > Wheel should be updated to generate the "libc-generic" wheels by default > when nothing other than libc is dynamically linked. It'll need libc > vendor/version detection. > > Alternatively, the platform tag could be split in two, in which case you > have a "generic" portion (which would probably be what it currently is, > distutils.util.get_platform()) and a "specific" portion (the distro or > libc), possibly prefixed with something to avoid having to maintain a list > of what's version compatible and what's not, (e.g. 'd_ubuntu_14_04' vs. > 'c_glibc_2_19')? > > I don't think there is a strong case to include the libc version in the > specific portion when a distro version will also be specified, because the > distro is supposed to define the ABI (at least in the case of distros with > stable ABIs), and that includes the libc compatibility. So for psycopg2 > wheels you'd get a "distro" wheel (linux_x86_64-d_ubuntu_14_04) but for > SQLAlchemy, you'd get a "libc-generic" wheel (linux_x86_64-c_glibc_2_19). > > It's then up to PyPI project owners to build on whatever platforms they > wish to support. > I think it's reasonable to not include the libc when the wheel is distro specific. I think the barrier to entry on adding new tags is far lower than adding a whole new type of tag. Right now, I think our longest tag is for OSX which is something like macosx_10_10_x86_64 at 19 chars, I don't think it's much worse to have something like linux_glibc_2_19_x86_64 at 23 chars, or linux_ubuntu_14_04_x86_64 at 25 chars. I don't think we need the special c or d prefix, we can just treat it as ==, and special case glibc as >= like we're currently special casing the macosx wheels to be >=. ----------------- Donald Stufft PGP: 0x6E3CBCE93372DCFA // 7C6B 7C5D 5E2B 6356 A926 F04F 6E3C BCE9 3372 DCFA From wes.turner at gmail.com Tue Sep 8 21:14:53 2015 From: wes.turner at gmail.com (Wes Turner) Date: Tue, 8 Sep 2015 14:14:53 -0500 Subject: [Distutils] Working toward Linux wheel support In-Reply-To: References: Message-ID: On Sep 8, 2015 1:33 PM, "Donald Stufft" wrote: > > On September 8, 2015 at 1:29:53 PM, Nate Coraor (nate at bx.psu.edu) wrote: > > On Mon, Sep 7, 2015 at 12:02 PM, Donald Stufft wrote: > > > > > On September 3, 2015 at 1:23:03 PM, Nate Coraor (nate at bx.psu.edu) wrote: > > > > >>> > > > > >>> I'll create PRs for this against wheel and pip shortly. I can also > > > work > > > > >>> on a PEP for the platform tag - I don't think it's going to need to > > > be a > > > > >>> big one. Are there any preferences as to whether this should be a > > > new PEP > > > > >>> or an update to 425? > > > > >>> > > > > > > Coming back to this, I'm wondering if we should include the libc > > > implementation/version in a less generic, but still generic linux wheel. > > > Right > > > now if you staticly link I think the only platform ABIs you need to worry > > > about > > > are libc and Python itself. Python itself is handled already but libc is > > > not. > > > > The only thing I've seen so far is "build on an old enough version of glibc > > > that it handles anything sane", but not all versions of Linux even use > > > glibc at > > > all. > > > > > > This proposal makes a lot of sense to me. pip will need an update to do the > > backwards compatibility, and it may be a little ugly to do this all on the > > platform tag. For example, linux_x86_64_ubuntu_12_04 wheels should not be > > installed on systems that identify as linux_x86_64_ubuntu_14_04, but > > linux_x86_64_glibc_2_15 wheels can be installed on systems that identify as > > linux_x86_64_glibc_2_19. pip would need to maintain a list of which tag > > prefixes or patterns should be considered backward compatible, and which > > should not. Granted, new libcs do not pop up overnight, so it's not exactly > > a nightmare scenario. Could there be shim packages here? How is this a different dependency? > > > > Wheel should be updated to generate the "libc-generic" wheels by default > > when nothing other than libc is dynamically linked. It'll need libc > > vendor/version detection. > > > > Alternatively, the platform tag could be split in two, in which case you > > have a "generic" portion (which would probably be what it currently is, > > distutils.util.get_platform()) and a "specific" portion (the distro or > > libc), possibly prefixed with something to avoid having to maintain a list > > of what's version compatible and what's not, (e.g. 'd_ubuntu_14_04' vs. > > 'c_glibc_2_19')? > > > > I don't think there is a strong case to include the libc version in the > > specific portion when a distro version will also be specified, because the > > distro is supposed to define the ABI (at least in the case of distros with > > stable ABIs), and that includes the libc compatibility. So for psycopg2 > > wheels you'd get a "distro" wheel (linux_x86_64-d_ubuntu_14_04) but for > > SQLAlchemy, you'd get a "libc-generic" wheel (linux_x86_64-c_glibc_2_19). > > > > It's then up to PyPI project owners to build on whatever platforms they > > wish to support. > > > > I think it's reasonable to not include the libc when the wheel is distro > specific. I think the barrier to entry on adding new tags is far lower than > adding a whole new type of tag. Right now, I think our longest tag is for OSX > which is something like macosx_10_10_x86_64 at 19 chars, I don't think it's > much worse to have something like linux_glibc_2_19_x86_64 at 23 chars, or > linux_ubuntu_14_04_x86_64 at 25 chars. I don't think we need the special c or > d prefix, we can just treat it as ==, and special case glibc as >= like we're > currently special casing the macosx wheels to be >=. > > ----------------- > Donald Stufft > PGP: 0x6E3CBCE93372DCFA // 7C6B 7C5D 5E2B 6356 A926 F04F 6E3C BCE9 3372 DCFA > > -------------- next part -------------- An HTML attachment was scrubbed... URL: From leorochael at gmail.com Tue Sep 8 21:18:10 2015 From: leorochael at gmail.com (Leonardo Rochael Almeida) Date: Tue, 8 Sep 2015 16:18:10 -0300 Subject: [Distutils] Working toward Linux wheel support In-Reply-To: References: Message-ID: Hi, Going back in time to this old post, but I think it becomes more relevant now that Nate's work is being completed: On 13 August 2015 at 22:47, Nathaniel Smith wrote: > On Thu, Aug 13, 2015 at 12:30 PM, Leonardo Rochael Almeida > wrote: > > > > On 13 August 2015 at 11:07, Nate Coraor wrote: > >> > >> On Wed, Aug 12, 2015 at 9:05 PM, Nathaniel Smith wrote: > >>> > [...] > >>> (2) the special hard-coded tag "centos5". (That's what everyone > actually > >>> uses in practice, right?) > >> > >> > >> The idea here is that we should attempt to install centos5 wheels if > more > >> specific wheels for the platform aren't available? > > > > > > Just my opinion, but although I'm +1 on Nate's efforts, I'm -1 on both > the > > standard behavior for installation being the exact platform tag, and an > > automatic fallback to cento5. > > > > IMO, on Linux, the default should always be to opt in to the desired > > platform tags. > > > > We could make it so that the word `default` inside > > `binary-compatibility.cfg` means an exact match on the distro version, so > > that we could simplify the documentation. > > > > But I don't want to upgrade to pip and suddenly find myself installing > > binary wheels compiled by whomever for whatever platform I have no > control > > with, even assuming the best of the package builders intentions. > > > > And I certainly don't want centos5 wheels accidentally installed on my > > ubuntu servers unless I very specifically asked for them. > > > > The tiny pain inflicted by telling users to add a one-line text file in a > > very well known location (or two lines, for the added centos5), so that > they > > can get the benefit of binary wheels on linux, is very small compared to > the > > pain of repeatable install scripts suddenly behaving differently and > > installing binary wheels in systems that were prepared to pay the price > of > > source installs, including the setting of build environment variables > that > > correctly tweaked their build process. > > I think there are two issues here: > > 1) You don't want centos5 wheels "accidentally" installed on an ubuntu > server: Fair enough, you're right; we should probably make the "this > wheel should work on pretty much any linux out there" tag be something > that distributors have to explicitly opt into (similar to how they > have to opt into creating universal wheels), rather than having it be > something you could get by just typing 'pip wheel foo' on the right > (wrong) machine. > I agree that generating something like "this linux binary wheel is generically installable" should be opt-in, yes. But I also feel strongly that installing such a generic wheel should also be opt in. I guess that if we go into the direction of being able to generate wheels with a libc tag rather than a distro tag, like Nate and Donald are now discussing, then we could get both kinds of opt-in by specifying the libc tag in `binary-compatibility.cfg`. > 2) You want it to be the case that if I type 'pip install foo' on a > Linux machine, and pip finds both an sdist and a wheel, where the > wheel is definitely compatible with the current system, then it should > still always prefer the sdist unless configured otherwise: Here I > disagree strongly. This is inconsistent with how things work on every > other platform, it's inconsistent with how pip is being used on Linux > right now with private wheelhouses, and the "tiny pain" of editing a > file in /etc is a huge barrier to new users, many of whom are > uncomfortable editing config files and may not have root access. Not having root access shouldn't be an issue, as there should be a user-level and virtualenv level equivalents to a `binary-compatibility.cfg` on `/etc`, and perhaps it could even be included in `requirements.txt` for a project, so users of a project might not even have to bother setting up `binary-compatibility.cfg`. However, you make an excellent point: not handling binary wheels on Linux by default (at least with exact platform tag matching) would mean having different behavior between Linux and Mac/Windows. Still, I wouldn't want a random binary wheel suddenly finding its way into my servers, and I would like a way to opt out of it, for "reasons" (ex. I might have special build flags, or a special compiler, or maybe I'm still waiting for TUF before trusting other peoples binaries on my servers). So I'd like to propose that the installation tooling (eg. `pip`, `distlib`) should allow the user to specify which index servers to trust for receiving binary wheels and which to trust only for pure python wheels or sdists. It could trust them all by default, to maintain the current behavior (where `all` means only pypi unless I specified more, obviously), but I'd like a switch to limit this trust to a subset of the specified index servers. Regards, Leo -------------- next part -------------- An HTML attachment was scrubbed... URL: From donald at stufft.io Tue Sep 8 21:22:56 2015 From: donald at stufft.io (Donald Stufft) Date: Tue, 8 Sep 2015 15:22:56 -0400 Subject: [Distutils] Working toward Linux wheel support In-Reply-To: References: Message-ID: On September 8, 2015 at 3:21:26 PM, Leonardo Rochael Almeida (leorochael at gmail.com) wrote: > > Still, I wouldn't want a random binary wheel suddenly finding its way into > my servers, and I would like a way to opt out of it, for "reasons" (ex. I > might have special build flags, or a special compiler, or maybe I'm still > waiting for TUF before trusting other peoples binaries on my servers). > ?no-binary packages,that,have,binaries ? ----------------- Donald Stufft PGP: 0x6E3CBCE93372DCFA // 7C6B 7C5D 5E2B 6356 A926 F04F 6E3C BCE9 3372 DCFA From dholth at gmail.com Tue Sep 8 21:32:09 2015 From: dholth at gmail.com (Daniel Holth) Date: Tue, 08 Sep 2015 19:32:09 +0000 Subject: [Distutils] Working toward Linux wheel support In-Reply-To: References: Message-ID: https://www.python.org/dev/peps/pep-0425/#platform-tag is currently defined in terms of distutils get_platform(). Instead, it could be defined more abstractly to read something like "The platform tag expresses which system(s) might be capable of running or linking with binary components of the package." This would express what the tag is for rather than the list of allowed values. Then a "legal" change in the list of allowed values would not necessarily be effected by changing the distutils get_platform function. As for whether a binary is allowed from a particular server the idea of using a different list of compatible/allowed tags per-package-source has floated around. Distasteful amount of configuration though. Something like the Internet Explorer security zones where you have categories of remotes... On Tue, Sep 8, 2015 at 3:14 PM Wes Turner wrote: > > On Sep 8, 2015 1:33 PM, "Donald Stufft" wrote: > > > > On September 8, 2015 at 1:29:53 PM, Nate Coraor (nate at bx.psu.edu) wrote: > > > On Mon, Sep 7, 2015 at 12:02 PM, Donald Stufft wrote: > > > > > > > On September 3, 2015 at 1:23:03 PM, Nate Coraor (nate at bx.psu.edu) > wrote: > > > > > >>> > > > > > >>> I'll create PRs for this against wheel and pip shortly. I can > also > > > > work > > > > > >>> on a PEP for the platform tag - I don't think it's going to > need to > > > > be a > > > > > >>> big one. Are there any preferences as to whether this should > be a > > > > new PEP > > > > > >>> or an update to 425? > > > > > >>> > > > > > > > > Coming back to this, I'm wondering if we should include the libc > > > > implementation/version in a less generic, but still generic linux > wheel. > > > > Right > > > > now if you staticly link I think the only platform ABIs you need to > worry > > > > about > > > > are libc and Python itself. Python itself is handled already but > libc is > > > > not. > > > > > > The only thing I've seen so far is "build on an old enough version of > glibc > > > > that it handles anything sane", but not all versions of Linux even > use > > > > glibc at > > > > all. > > > > > > > > > This proposal makes a lot of sense to me. pip will need an update to > do the > > > backwards compatibility, and it may be a little ugly to do this all on > the > > > platform tag. For example, linux_x86_64_ubuntu_12_04 wheels should not > be > > > installed on systems that identify as linux_x86_64_ubuntu_14_04, but > > > linux_x86_64_glibc_2_15 wheels can be installed on systems that > identify as > > > linux_x86_64_glibc_2_19. pip would need to maintain a list of which tag > > > prefixes or patterns should be considered backward compatible, and > which > > > should not. Granted, new libcs do not pop up overnight, so it's not > exactly > > > a nightmare scenario. > > Could there be shim packages here? > How is this a different dependency? > > > > > > > Wheel should be updated to generate the "libc-generic" wheels by > default > > > when nothing other than libc is dynamically linked. It'll need libc > > > vendor/version detection. > > > > > > Alternatively, the platform tag could be split in two, in which case > you > > > have a "generic" portion (which would probably be what it currently is, > > > distutils.util.get_platform()) and a "specific" portion (the distro or > > > libc), possibly prefixed with something to avoid having to maintain a > list > > > of what's version compatible and what's not, (e.g. 'd_ubuntu_14_04' vs. > > > 'c_glibc_2_19')? > > > > > > I don't think there is a strong case to include the libc version in the > > > specific portion when a distro version will also be specified, because > the > > > distro is supposed to define the ABI (at least in the case of distros > with > > > stable ABIs), and that includes the libc compatibility. So for psycopg2 > > > wheels you'd get a "distro" wheel (linux_x86_64-d_ubuntu_14_04) but for > > > SQLAlchemy, you'd get a "libc-generic" wheel > (linux_x86_64-c_glibc_2_19). > > > > > > It's then up to PyPI project owners to build on whatever platforms they > > > wish to support. > > > > > > > I think it's reasonable to not include the libc when the wheel is distro > > specific. I think the barrier to entry on adding new tags is far lower > than > > adding a whole new type of tag. Right now, I think our longest tag is > for OSX > > which is something like macosx_10_10_x86_64 at 19 chars, I don't think > it's > > much worse to have something like linux_glibc_2_19_x86_64 at 23 chars, or > > linux_ubuntu_14_04_x86_64 at 25 chars. I don't think we need the special > c or > > d prefix, we can just treat it as ==, and special case glibc as >= like > we're > > currently special casing the macosx wheels to be >=. > > > > ----------------- > > Donald Stufft > > PGP: 0x6E3CBCE93372DCFA // 7C6B 7C5D 5E2B 6356 A926 F04F 6E3C BCE9 3372 > DCFA > > > > > -------------- next part -------------- An HTML attachment was scrubbed... URL: From leorochael at gmail.com Tue Sep 8 21:39:26 2015 From: leorochael at gmail.com (Leonardo Rochael Almeida) Date: Tue, 8 Sep 2015 16:39:26 -0300 Subject: [Distutils] Working toward Linux wheel support In-Reply-To: References: Message-ID: That's nice for singling out some packages (though I only found a , but I had a different use-case in mind, which I guess I didn't fully articulate: I might want binary wheels for some packages, just not coming from PyPI, where I don't necessarily trust whatever was put there. I'm perfectly fine trusting binary wheels coming from my own wheelhouse, for example. So, I'd rather have a: --accept-binary-from=http://mywheelhouse.example.com Which would accept binary from all provided indexes if absent Or perhaps a: --no-binary-from=https://pypi.python.org/simple Regards, Leo On 8 September 2015 at 16:22, Donald Stufft wrote: > On September 8, 2015 at 3:21:26 PM, Leonardo Rochael Almeida ( > leorochael at gmail.com) wrote: > > > > Still, I wouldn't want a random binary wheel suddenly finding its way > into > > my servers, and I would like a way to opt out of it, for "reasons" (ex. I > > might have special build flags, or a special compiler, or maybe I'm still > > waiting for TUF before trusting other peoples binaries on my servers). > > > > ?no-binary packages,that,have,binaries ? > > ----------------- > Donald Stufft > PGP: 0x6E3CBCE93372DCFA // 7C6B 7C5D 5E2B 6356 A926 F04F 6E3C BCE9 3372 > DCFA > > > -------------- next part -------------- An HTML attachment was scrubbed... URL: From njs at pobox.com Wed Sep 9 04:10:55 2015 From: njs at pobox.com (Nathaniel Smith) Date: Tue, 8 Sep 2015 19:10:55 -0700 Subject: [Distutils] Working toward Linux wheel support In-Reply-To: References: Message-ID: On Mon, Sep 7, 2015 at 9:02 AM, Donald Stufft wrote: > On September 3, 2015 at 1:23:03 PM, Nate Coraor (nate at bx.psu.edu) wrote: >> >>> >> >>> I'll create PRs for this against wheel and pip shortly. I can also work >> >>> on a PEP for the platform tag - I don't think it's going to need to be a >> >>> big one. Are there any preferences as to whether this should be a new PEP >> >>> or an update to 425? >> >>> > > Coming back to this, I'm wondering if we should include the libc > implementation/version in a less generic, but still generic linux wheel. Right > now if you staticly link I think the only platform ABIs you need to worry about > are libc and Python itself. Python itself is handled already but libc is not. > The only thing I've seen so far is "build on an old enough version of glibc > that it handles anything sane", but not all versions of Linux even use glibc at > all. This feels kinda half-baked to me? "linux" is a useful tag because it has a clear meaning: "there exists a linux system somewhere that can run this, but no guarantees about which one, good luck". When building a wheel it's easy to tell whether this tag can be correctly applied. Distro-specific tags are useful because they also have a fairly clear meaning: "here's a specific class of systems that can run this, so long as you install enough packages to fulfill the external dependencies". Again, when building a wheel it's pretty easy to tell whether this tag can be correctly applied. (Of course someone could screw this up, e.g. by building on a system is technically distro X but has some incompatible hand-compiled libraries installed, but 99% of the time we can guess correctly.) If we define a LSB-style base system and give it a tag, like I don't know, the "Python base environment", call it "linux_pybe1_core" or something, that describes what libraries are and aren't available and their ABIs, and provide docs/tooling to help people explicitly create such wheels and check whether they're compatible with their system, then this is also useful -- we have proof that this is sufficient to actually distribute arbitrary software usefully, given that multiple distributors have converged on this strategy. (I've been talking to some people off-list about maybe actually putting together a proposal like this...) To me "linux_glibc_2.18" falls between the cracks though. If this starts being what you get by default when you build a wheel, then people will use it for wheels that are *not* statically linked, and what that tag will mean is "there exists some system that can run this, and that has glibc 2.18 on it, and also some other unspecified stuff, good luck". Which is pretty useless -- we might as well just stick with "linux" in this case. OTOH if it's something that builders have to opt into, then we could document that it's only to be used for wheels that are statically linked except for glibc, and make it mean "*any* system which has glibc 2.18 or later on it can run this". Which would be useful in some cases. But at this point it's basically a version of the "defined base environment" approach, and once you've gone that far you might as well take advantage of the various distributors' experience about what should actually be in that environment -- glibc isn't enough. -n -- Nathaniel J. Smith -- http://vorpus.org From nate at bx.psu.edu Wed Sep 9 17:06:33 2015 From: nate at bx.psu.edu (Nate Coraor) Date: Wed, 9 Sep 2015 11:06:33 -0400 Subject: [Distutils] Working toward Linux wheel support In-Reply-To: References: Message-ID: On Tue, Sep 8, 2015 at 10:10 PM, Nathaniel Smith wrote: > On Mon, Sep 7, 2015 at 9:02 AM, Donald Stufft wrote: > > On September 3, 2015 at 1:23:03 PM, Nate Coraor (nate at bx.psu.edu) wrote: > >> >>> > >> >>> I'll create PRs for this against wheel and pip shortly. I can also > work > >> >>> on a PEP for the platform tag - I don't think it's going to need to > be a > >> >>> big one. Are there any preferences as to whether this should be a > new PEP > >> >>> or an update to 425? > >> >>> > > > > Coming back to this, I'm wondering if we should include the libc > > implementation/version in a less generic, but still generic linux wheel. > Right > > now if you staticly link I think the only platform ABIs you need to > worry about > > are libc and Python itself. Python itself is handled already but libc is > not. > > The only thing I've seen so far is "build on an old enough version of > glibc > > that it handles anything sane", but not all versions of Linux even use > glibc at > > all. > > This feels kinda half-baked to me? > > "linux" is a useful tag because it has a clear meaning: "there exists > a linux system somewhere that can run this, but no guarantees about > which one, good luck". When building a wheel it's easy to tell whether > this tag can be correctly applied. > I'm not sure how it'd be possible to tell. The same meaning for a generic tag would be true of any wheel built, regardless of whether the wheel has dependencies in addition to libc. > Distro-specific tags are useful because they also have a fairly clear > meaning: "here's a specific class of systems that can run this, so > long as you install enough packages to fulfill the external > dependencies". Again, when building a wheel it's pretty easy to tell > whether this tag can be correctly applied. (Of course someone could > screw this up, e.g. by building on a system is technically distro X > but has some incompatible hand-compiled libraries installed, but 99% > of the time we can guess correctly.) > > If we define a LSB-style base system and give it a tag, like I don't > know, the "Python base environment", call it "linux_pybe1_core" or > something, that describes what libraries are and aren't available and > their ABIs, and provide docs/tooling to help people explicitly create > such wheels and check whether they're compatible with their system, > then this is also useful -- we have proof that this is sufficient to > actually distribute arbitrary software usefully, given that multiple > distributors have converged on this strategy. (I've been talking to > some people off-list about maybe actually putting together a proposal > like this...) > > To me "linux_glibc_2.18" falls between the cracks though. If this > starts being what you get by default when you build a wheel, then > people will use it for wheels that are *not* statically linked, and > what that tag will mean is "there exists some system that can run > this, and that has glibc 2.18 on it, and also some other unspecified > stuff, good luck". Which is pretty useless -- we might as well just > stick with "linux" in this case. OTOH if it's something that builders > have to opt into, then we could document that it's only to be used for > wheels that are statically linked except for glibc, and make it mean > "*any* system which has glibc 2.18 or later on it can run this". Which > would be useful in some cases. This is a tooling issue. If wheel (the package) inspects the built .so files and finds they are not dynamically linked to anything not included with glibc, it can apply the glibc tag. Otherwise, it'd apply the distro tag. There's no possibility for human error here, unless they explicitly override the platform tag. > But at this point it's basically a > version of the "defined base environment" approach, and once you've > gone that far you might as well take advantage of the various > distributors' experience about what should actually be in that > environment -- glibc isn't enough. > While I agree that glibc isn't always enough, defining a base environment that may not be met by the "standard" install of popular distributions makes unprivileged wheel installation much more difficult. It's also not going to work out of the box on older distributions that wouldn't provide whatever standardized mechanism is defined for a list of "base environments currently provided by this system" (unless pip does the work itself at runtime to determine whether a base environment is met). Maybe an important question: how many popular packages with C Extensions have dependencies in addition to glibc? > > -n > > -- > Nathaniel J. Smith -- http://vorpus.org > -------------- next part -------------- An HTML attachment was scrubbed... URL: From njs at pobox.com Thu Sep 10 01:49:31 2015 From: njs at pobox.com (Nathaniel Smith) Date: Wed, 9 Sep 2015 16:49:31 -0700 Subject: [Distutils] Working toward Linux wheel support In-Reply-To: References: Message-ID: On Wed, Sep 9, 2015 at 8:06 AM, Nate Coraor wrote: > On Tue, Sep 8, 2015 at 10:10 PM, Nathaniel Smith wrote: >> >> On Mon, Sep 7, 2015 at 9:02 AM, Donald Stufft wrote: >> > On September 3, 2015 at 1:23:03 PM, Nate Coraor (nate at bx.psu.edu) wrote: >> >> >>> >> >> >>> I'll create PRs for this against wheel and pip shortly. I can also >> >> >>> work >> >> >>> on a PEP for the platform tag - I don't think it's going to need to >> >> >>> be a >> >> >>> big one. Are there any preferences as to whether this should be a >> >> >>> new PEP >> >> >>> or an update to 425? >> >> >>> >> > >> > Coming back to this, I'm wondering if we should include the libc >> > implementation/version in a less generic, but still generic linux wheel. >> > Right >> > now if you staticly link I think the only platform ABIs you need to >> > worry about >> > are libc and Python itself. Python itself is handled already but libc is >> > not. >> > The only thing I've seen so far is "build on an old enough version of >> > glibc >> > that it handles anything sane", but not all versions of Linux even use >> > glibc at >> > all. >> >> This feels kinda half-baked to me? >> >> "linux" is a useful tag because it has a clear meaning: "there exists >> a linux system somewhere that can run this, but no guarantees about >> which one, good luck". When building a wheel it's easy to tell whether >> this tag can be correctly applied. > > > I'm not sure how it'd be possible to tell. The same meaning for a generic > tag would be true of any wheel built, regardless of whether the wheel has > dependencies in addition to libc. Sure... my point is just that "linux" is unambiguous and fills a niche: it unambiguously says "you're on your own", and sometimes that's the best we can hope to say. >> Distro-specific tags are useful because they also have a fairly clear >> meaning: "here's a specific class of systems that can run this, so >> long as you install enough packages to fulfill the external >> dependencies". Again, when building a wheel it's pretty easy to tell >> whether this tag can be correctly applied. (Of course someone could >> screw this up, e.g. by building on a system is technically distro X >> but has some incompatible hand-compiled libraries installed, but 99% >> of the time we can guess correctly.) >> >> If we define a LSB-style base system and give it a tag, like I don't >> know, the "Python base environment", call it "linux_pybe1_core" or >> something, that describes what libraries are and aren't available and >> their ABIs, and provide docs/tooling to help people explicitly create >> such wheels and check whether they're compatible with their system, >> then this is also useful -- we have proof that this is sufficient to >> actually distribute arbitrary software usefully, given that multiple >> distributors have converged on this strategy. (I've been talking to >> some people off-list about maybe actually putting together a proposal >> like this...) >> >> To me "linux_glibc_2.18" falls between the cracks though. If this >> starts being what you get by default when you build a wheel, then >> people will use it for wheels that are *not* statically linked, and >> what that tag will mean is "there exists some system that can run >> this, and that has glibc 2.18 on it, and also some other unspecified >> stuff, good luck". Which is pretty useless -- we might as well just >> stick with "linux" in this case. OTOH if it's something that builders >> have to opt into, then we could document that it's only to be used for >> wheels that are statically linked except for glibc, and make it mean >> "*any* system which has glibc 2.18 or later on it can run this". Which >> would be useful in some cases. > > > This is a tooling issue. If wheel (the package) inspects the built .so files > and finds they are not dynamically linked to anything not included with > glibc, it can apply the glibc tag. Otherwise, it'd apply the distro tag. > There's no possibility for human error here, unless they explicitly override > the platform tag. > >> >> But at this point it's basically a >> version of the "defined base environment" approach, and once you've >> gone that far you might as well take advantage of the various >> distributors' experience about what should actually be in that >> environment -- glibc isn't enough. > > While I agree that glibc isn't always enough, defining a base environment > that may not be met by the "standard" install of popular distributions makes > unprivileged wheel installation much more difficult. Yeah, which is why my suggestion is that we steal the "base environment" definition from the folks like Continuum and Enthought who have already done the work of determining what is in the "standard" install of popular distributions, and have spent years actually distributing packages to unprivileged users :-). > It's also not going to > work out of the box on older distributions that wouldn't provide whatever > standardized mechanism is defined for a list of "base environments currently > provided by this system" (unless pip does the work itself at runtime to > determine whether a base environment is met). Right -- which is basically what pip will have to do to figure out the current glibc version too, right? Trying to guess whether the installed versions of several libraries are really ABI compatible with what we expect is harder than trying to guess whether the installed version of glibc alone is really ABI compatible with what we expect, but in both cases it's basically a heuristic (some distros could have local patches to their glibc that break ABI, who knows) and in both cases it's basically safe to just assume it will work (because if we stick to libraries that other distributors are already depending on then we have years of experience that it pretty much always works). > Maybe an important question: > how many popular packages with C Extensions have dependencies in addition to > glibc? Certainly enough that the major distributors of binary packages on Linux, like Continuum and Enthought, have decided that they need to require more than glibc :-). libstdc++ is an example of one particularly common external dependency. To be clear: if you're talking specifically about the model where we validate that the extensions are statically linked before we enable the glibc tag, then I don't think it will do any harm to have it as an option. It just seems redundant with the more general solution. -n -- Nathaniel J. Smith -- http://vorpus.org From chenchao at inhand.com.cn Tue Sep 8 04:09:10 2015 From: chenchao at inhand.com.cn (chenchao at inhand.com.cn) Date: Tue, 08 Sep 2015 10:09:10 +0800 Subject: [Distutils] Fwd: install In-Reply-To: <55ED69F9.303@inhand.com.cn> References: <55ED69F9.303@inhand.com.cn> Message-ID: <55EE4346.5060507@inhand.com.cn> hi: I cross compiled python2.7.10 and install python on my embedded device. But now, I may install pip on my embedded device. So, I did it as follow: 1>I execute cmd:python -m ensurepip. It ocuurs errors as follow: Traceback (most recent call last): File "/usr/lib/python/lib/python27.zip/runpy.py", line 162, in _run_module_as_main File "/usr/lib/python/lib/python27.zip/runpy.py", line 72, in _run_code File "/var/app/python/libs/ensurepip.zip/ensurepip/__main__.py", line 4, in File "/var/app/python/libs/ensurepip.zip/ensurepip/__init__.py", line 226, in _main File "/var/app/python/libs/ensurepip.zip/ensurepip/__init__.py", line 123, in bootstrap File "/var/app/python/libs/ensurepip.zip/ensurepip/__init__.py", line 45, in _run_pip File "/tmp/tmprHZPx4/pip-6.1.1-py2.py3-none-any.whl/pip/__init__.py", line 15, in File "/tmp/tmprHZPx4/pip-6.1.1-py2.py3-none-any.whl/pip/vcs/subversion.py", line 9, in File "/tmp/tmprHZPx4/pip-6.1.1-py2.py3-none-any.whl/pip/index.py", line 30, in File "/tmp/tmprHZPx4/pip-6.1.1-py2.py3-none-any.whl/pip/_vendor/__init__.py", line 92, in load_module ImportError: No module named 'pip._vendor.html5lib' The message "/tmp/tmprHZPx4/pip-6.1.1-py2.py3-none-any.whl" point out the pip package in that dir, while it is not there. 2>As a result of the above error message, I download the pip-7.1.2 package and install it on my embedded device. It ocuurs errors as follow: # python setup.py install Traceback (most recent call last): File "setup.py", line 6, in from setuptools import setup, find_packages ImportError: No module named setuptools # 3> I I download the setuptools package and execute cmd: python setup.py install.It ocuurs errors as follow: # python setup.py install Traceback (most recent call last): File "setup.py", line 6, in from setuptools import setup, find_packages File "/var/app/python/libs/setuptools.zip/setuptools/__init__.py", line 12, in File "/var/app/python/libs/setuptools.zip/setuptools/extension.py", line 8, in File "/var/app/python/libs/setuptools.zip/setuptools/dist.py", line 19, in ImportError: No module named pkg_resources So, where can i download the pkg_resources package. Is there somebody installed pip on embedded device? can you tell me how to do that? -------------- next part -------------- An HTML attachment was scrubbed... URL: From dw+python-ideas at hmmz.org Thu Sep 10 01:01:30 2015 From: dw+python-ideas at hmmz.org (David Wilson) Date: Wed, 9 Sep 2015 23:01:30 +0000 Subject: [Distutils] [Python-ideas] PyPI search still broken In-Reply-To: References: <204080FC-D5B0-44A9-9D9D-582B1491B413@yahoo.com> <20150904172710.GO19373@ando.pearwood.info> <87lhcl2viv.fsf@uwakimon.sk.tsukuba.ac.jp> <85h9n482sa.fsf@benfinney.id.au> Message-ID: <20150909230130.GA14415@k3> Hi there, My 2.5 year old offer to retrofit the old codebase with a new search system still stands[1]. :) There is no reason for this to be a complex affair, the prototype built back then took only a few hours to complete. No doubt the long term answer is probably "Warehouse fixes this", but Warehouse seems no nearer a reality than it did in 2013. David [1] https://groups.google.com/forum/#!search/%22david$20wilson%22$20search$20pypi/pypa-dev/ZjUNkczsKos/2et8926YOQYJ On Thu, Sep 10, 2015 at 12:35:04AM +0200, Giovanni Cannata wrote: > Hi, sorry to bother you again, but the search problem on PyPI is still present > after different weeks and it's very annoying. I've just released a new version > of my ldap3 project and it doesn't show up when searching with its name. For > mine (and I suppose for other emerging project, especially related to Python 3) > it's vital to be easily found by other developers that use pip and PyPI as THE > only repository for python packages and using the number of download as a > ranking of popularity of a project. > > If search can't be fixed there should be at least a warning on the PyPI > homepage to let users know that search is broken and that using Google for > searching could help to find more packages. > > Bye, > Giovanni > _______________________________________________ > Python-ideas mailing list > Python-ideas at python.org > https://mail.python.org/mailman/listinfo/python-ideas > Code of Conduct: http://python.org/psf/codeofconduct/ From holger at merlinux.eu Thu Sep 10 13:11:57 2015 From: holger at merlinux.eu (holger krekel) Date: Thu, 10 Sep 2015 11:11:57 +0000 Subject: [Distutils] devpi-server-2.3.0: changed pypi caching, semantic versioning Message-ID: <20150910111157.GM26059@merlinux.eu> devpi-server-2.3: more resilient pypi caching, semantic versioning ============================================================================ The devpi-server-2.3 release brings two important changes: - We don't use the XMLRPC "changelog" interface of pypi.python.org anymore. Instead devpi-server now re-checks with pypi every 30 minutes and will serve cached contents in between. If pypi is not reachable and we still have cached contents we continue serving the cached content so that we can survive pypi outages. - we switched to semantic versioning so that only major version number increases signal the need for an export/import cycle. If you have a devpi-server-2.2.X installation you are not required to export/import. However, there has been a regression with the execnet-1.4.0 release which was fixed with the now current execnet-1.4.1 release. If you have freshly setup devpi-server and used execnet-1.4.0 at that time you will need to do an export with execnet-1.4.0 and then import with execnet-1.4.1 installed. Note also that we released new micro releases of devpi-client and devpi-web which are pure bugfixing releases. For many more changes and fixes, please see the respective CHANGELOG of the respective packages. For docs and quickstart tutorials see http://doc.devpi.net many thanks to Florian Schulze who any of the new features. And special thanks go to the two still unnamed companies who funded major parts of the above work. have fun, holger krekel, merlinux GmbH 2.3.0 (2015-09-10) ------------------ - switched to semantic versioning. Only major revisions will ever require an export/import cycle. - fix issue260: Log identical upload message on level "info" - Log upload trigger message on level "warn" - The PyPI changelog isn't watched for changes anymore. Instead we cache release data for 30 minutes, this can be adjusted with the ``--mirror-cache-expiry`` option. - fix issue251: Require and validate the "X-DEVPI-SERIAL" from master in replica thread - fix issue258: fix FileReplicationError representation for proper logging - fix issue256: if a project removes all releases from pypi or the project is deleted on pypi, we get a 404 back. In that case we now return an empty list of releases instead of returning an UpstreamError. - Change nginx template to serve HEAD in addition to GET requests of files directly instead of proxying to devpi-server - make keyfs cache size configurable via "--keyfs-cache-size" option and increase the default size to improve performance for installations with many writes From contact at ionelmc.ro Thu Sep 10 14:07:14 2015 From: contact at ionelmc.ro (=?UTF-8?Q?Ionel_Cristian_M=C4=83rie=C8=99?=) Date: Thu, 10 Sep 2015 15:07:14 +0300 Subject: [Distutils] [Python-ideas] PyPI search still broken In-Reply-To: <20150909230130.GA14415@k3> References: <204080FC-D5B0-44A9-9D9D-582B1491B413@yahoo.com> <20150904172710.GO19373@ando.pearwood.info> <87lhcl2viv.fsf@uwakimon.sk.tsukuba.ac.jp> <85h9n482sa.fsf@benfinney.id.au> <20150909230130.GA14415@k3> Message-ID: Wouldn't it be better if you'd just build an external search service? Getting a list of packages and descriptions should be possible no? (just asking, not 100% sure) I doubt the maintainers are just going to come out and say "ok, this guy has waited long enough, lets take his contribution in". If they didn't care about the search 2.5 years ago why would they care now. Sorry for being snide here but my impression is that Warehouse could had been shipped a while ago instead of getting rewritten ? ? s ?everal times.? I'm not saying that's bad, it's just that there's a mismatch in goals here. Thanks, -- Ionel Cristian M?rie? On Thu, Sep 10, 2015 at 2:01 AM, David Wilson wrote: > Hi there, > > My 2.5 year old offer to retrofit the old codebase with a new search > system still stands[1]. :) There is no reason for this to be a complex > affair, the prototype built back then took only a few hours to complete. > > No doubt the long term answer is probably "Warehouse fixes this", but > Warehouse seems no nearer a reality than it did in 2013. > > > David > > [1] > https://groups.google.com/forum/#!search/%22david$20wilson%22$20search$20pypi/pypa-dev/ZjUNkczsKos/2et8926YOQYJ > > On Thu, Sep 10, 2015 at 12:35:04AM +0200, Giovanni Cannata wrote: > > Hi, sorry to bother you again, but the search problem on PyPI is still > present > > after different weeks and it's very annoying. I've just released a new > version > > of my ldap3 project and it doesn't show up when searching with its name. > For > > mine (and I suppose for other emerging project, especially related to > Python 3) > > it's vital to be easily found by other developers that use pip and PyPI > as THE > > only repository for python packages and using the number of download as a > > ranking of popularity of a project. > > > > If search can't be fixed there should be at least a warning on the PyPI > > homepage to let users know that search is broken and that using Google > for > > searching could help to find more packages. > > > > Bye, > > Giovanni > > > _______________________________________________ > > Python-ideas mailing list > > Python-ideas at python.org > > https://mail.python.org/mailman/listinfo/python-ideas > > Code of Conduct: http://python.org/psf/codeofconduct/ > > _______________________________________________ > Python-ideas mailing list > Python-ideas at python.org > https://mail.python.org/mailman/listinfo/python-ideas > Code of Conduct: http://python.org/psf/codeofconduct/ > -------------- next part -------------- An HTML attachment was scrubbed... URL: From dw+python-ideas at hmmz.org Thu Sep 10 14:47:46 2015 From: dw+python-ideas at hmmz.org (David Wilson) Date: Thu, 10 Sep 2015 12:47:46 +0000 Subject: [Distutils] [Python-ideas] PyPI search still broken In-Reply-To: References: <87lhcl2viv.fsf@uwakimon.sk.tsukuba.ac.jp> <85h9n482sa.fsf@benfinney.id.au> <20150909230130.GA14415@k3> Message-ID: <20150910124746.GA18845@k3> On Thu, Sep 10, 2015 at 03:07:14PM +0300, Ionel Cristian M?rie? wrote: > Wouldn't it be better if you'd just build an external search service? > Getting a list of packages and descriptions should be possible no? > (just asking, not 100% sure) That would be the idea. In fact preferably not build a service at all, just pay someone $50/mo for hosted ElasticSearch, rip out the guts of the old thing and write a small sync cron job similar to the one existing in the Bitbucket repo I linked. David From donald at stufft.io Thu Sep 10 15:31:13 2015 From: donald at stufft.io (Donald Stufft) Date: Thu, 10 Sep 2015 09:31:13 -0400 Subject: [Distutils] [Python-ideas] PyPI search still broken In-Reply-To: <20150910124746.GA18845@k3> References: <87lhcl2viv.fsf@uwakimon.sk.tsukuba.ac.jp> <85h9n482sa.fsf@benfinney.id.au> <20150909230130.GA14415@k3> <20150910124746.GA18845@k3> Message-ID: On September 10, 2015 at 8:48:05 AM, David Wilson (dw+python-ideas at hmmz.org) wrote: > On Thu, Sep 10, 2015 at 03:07:14PM +0300, Ionel Cristian M?rie? wrote: > > > Wouldn't it be better if you'd just build an external search service? > > Getting a list of packages and descriptions should be possible no? > > (just asking, not 100% sure) > > That would be the idea. In fact preferably not build a service at all, > just pay someone $50/mo for hosted ElasticSearch, rip out the guts of > the old thing and write a small sync cron job similar to the one > existing in the Bitbucket repo I linked. > > The old PostgreSQL based system has been gone for awhile, and we already have ElasticSearch with a small cron job that runs every 3 hours to index the data. When we moved the database to Heroku this cronjob started taking 6+ hours to complete, because we were fetching data in too small of chunks which didn't actually hurt when the script and the database were running close to each other. That got "fixed" a day or two ago by increasing the size of the chunks we pulled from 1000 to 10000 and by switching to a SERIALIZABLE READ ONLY DEFERRABLE transaction so that we only needed to hold open a lock right at the very beginning which has the job finishing in 40 minutes now. I suspect further enhancements to the indexing speed will require? locating the script in EC2 to get it closer to the PostgreSQL instance. Given that these problems seem to be *new* since the move of the database to Heroku, I don't think the shape of our data in Elasticsearch nor the actual query we're using which hasn't changed should be at fault, so I've been trying to figure out what else we might have changed in the transition that would have caused it. ----------------- Donald Stufft PGP: 0x6E3CBCE93372DCFA // 7C6B 7C5D 5E2B 6356 A926 F04F 6E3C BCE9 3372 DCFA From benjaminrk at gmail.com Thu Sep 10 15:11:17 2015 From: benjaminrk at gmail.com (MinRK) Date: Thu, 10 Sep 2015 15:11:17 +0200 Subject: [Distutils] platform_python_implementation not implemented. Message-ID: Hello, I?m working on specifying dependencies for a project (IPython) that are dependent on the Python implementation - we want to depend on a package on CPython, but not on PyPy. I see from PEPs 345 and 426 and 496 that this should be available as platform_python_version environment marker, but when I try to use this in setup.py, it fails, claiming this is an invalid marker (setuptools 18.3.1). I discovered that pkg_resources has its own implementation of environment markers , which isn?t consistent with any PEPs describing them. pip uses markerlib, which does seem to implement PEP 345 correctly. The relevant difference in this case is that pkg_resources misspells platform_python_implementation as python_implementation, but it is not the only one. Due to the inconsistent implementations, I don?t think there?s a way to use this environment marker anywhere. It seems like the whole concept of environment markers is experimental, and it would be premature to adopt them for any packages in production. Is this the case? I found that when I run pip install ., the pkg_resources version is used, and it will balk at the correct platform_python_version as invalid. However, when I build a wheel and try to install it with pip install ipython-...whl, the pip version is used, and it balks at pkg_resources incorrect python_implementation. This conflict makes it impossible to use the marker, as far as I can tell. Has anyone been able to use the python implementation environment marker? I have a PR to setuptools to fix what seems to be some inconsistency with the PEPs while preserving the misspelling for backward-compatibility, but it?s not clear which metadata/env marker PEPs setuptools and/or pip are meant to support at this point. It?s also unclear why pkg_resources has its own implementation, instead of all participants using the shared _markerlib, which would at least avoid inconsistency. Thanks, -MinRK ? -------------- next part -------------- An HTML attachment was scrubbed... URL: From dw+python-ideas at hmmz.org Thu Sep 10 15:51:49 2015 From: dw+python-ideas at hmmz.org (David Wilson) Date: Thu, 10 Sep 2015 13:51:49 +0000 Subject: [Distutils] [Python-ideas] PyPI search still broken In-Reply-To: References: <85h9n482sa.fsf@benfinney.id.au> <20150909230130.GA14415@k3> <20150910124746.GA18845@k3> Message-ID: <20150910135149.GA28704@k3> On Thu, Sep 10, 2015 at 09:31:13AM -0400, Donald Stufft wrote: > The old PostgreSQL based system has been gone for awhile, and we > already have ElasticSearch with a small cron job that runs every 3 > hours to index the data. That's awesome news. :) David From dpoirier at caktusgroup.com Thu Sep 10 15:57:51 2015 From: dpoirier at caktusgroup.com (Dan Poirier) Date: Thu, 10 Sep 2015 09:57:51 -0400 Subject: [Distutils] [Python-ideas] PyPI search still broken In-Reply-To: References: <87lhcl2viv.fsf@uwakimon.sk.tsukuba.ac.jp> <85h9n482sa.fsf@benfinney.id.au> <20150909230130.GA14415@k3> <20150910124746.GA18845@k3> Message-ID: Just curious, are we re-indexing the whole thing each time, or does it take 40 minutes to update the index for 3 hours' worth of changes? *Dan Poirier*Developer dpoirier at caktusgroup.com www.caktusgroup.com On Thu, Sep 10, 2015 at 9:31 AM, Donald Stufft wrote: > On September 10, 2015 at 8:48:05 AM, David Wilson ( > dw+python-ideas at hmmz.org) wrote: > > On Thu, Sep 10, 2015 at 03:07:14PM +0300, Ionel Cristian M?rie? wrote: > > > > > Wouldn't it be better if you'd just build an external search service? > > > Getting a list of packages and descriptions should be possible no? > > > (just asking, not 100% sure) > > > > That would be the idea. In fact preferably not build a service at all, > > just pay someone $50/mo for hosted ElasticSearch, rip out the guts of > > the old thing and write a small sync cron job similar to the one > > existing in the Bitbucket repo I linked. > > > > > > The old PostgreSQL based system has been gone for awhile, and we already > have ElasticSearch with a small cron job that runs every 3 hours to index > the data. > > When we moved the database to Heroku this cronjob started taking 6+ hours > to > complete, because we were fetching data in too small of chunks which didn't > actually hurt when the script and the database were running close to each > other. That got "fixed" a day or two ago by increasing the size of the > chunks > we pulled from 1000 to 10000 and by switching to a > SERIALIZABLE READ ONLY DEFERRABLE transaction so that we only needed to > hold > open a lock right at the very beginning which has the job finishing in 40 > minutes now. I suspect further enhancements to the indexing speed will > require > locating the script in EC2 to get it closer to the PostgreSQL instance. > > Given that these problems seem to be *new* since the move of the database > to > Heroku, I don't think the shape of our data in Elasticsearch nor the actual > query we're using which hasn't changed should be at fault, so I've been > trying > to figure out what else we might have changed in the transition that would > have > caused it. > > ----------------- > Donald Stufft > PGP: 0x6E3CBCE93372DCFA // 7C6B 7C5D 5E2B 6356 A926 F04F 6E3C BCE9 3372 > DCFA > > > _______________________________________________ > Distutils-SIG maillist - Distutils-SIG at python.org > https://mail.python.org/mailman/listinfo/distutils-sig > -------------- next part -------------- An HTML attachment was scrubbed... URL: From dholth at gmail.com Thu Sep 10 17:34:54 2015 From: dholth at gmail.com (Daniel Holth) Date: Thu, 10 Sep 2015 15:34:54 +0000 Subject: [Distutils] platform_python_implementation not implemented. In-Reply-To: References: Message-ID: That is too bad. markerlib was added to pkg_resources as _markerlib in 2012. It is used for .dist-info metadata as present in wheel. Then, only to implement markers to setup.py or .egg-info style metadata, pkg_resources gains its inline markers implementation in 2013, including its own definitions of the key/values used in environment marker comparisons. Dots switched to underscores in revision aa74cf234684 in the inline implementation and in revision 1fc8a2d94f9f for setuptools' vendored _markerlib. At some point bdist_wheel gained the ability to use setup.py-defined environment markers instead of reading them from a separate file, eliminating a problem keeping two sets of dependencies synchronized (since wheel needed markers, but existed before setup.py could accept environment markers). I would prefer to see _markerlib._VARS used everywhere, the inline pkg_resources implementation deleted, markerlib improved if necessary, and no backwards compatibility with unspecified environment marker variables. My hunch is that no one needs the backwards compatibility. On Thu, Sep 10, 2015 at 9:47 AM MinRK wrote: > Hello, > > I?m working on specifying dependencies for a project (IPython) that are > dependent on the Python implementation - we want to depend on a package on > CPython, but not on PyPy. I see from PEPs 345 > and 426 > and 496 > that this should be available > as platform_python_version environment marker, but when I try to use this > in setup.py, it fails, claiming this is an invalid marker (setuptools > 18.3.1). I discovered that pkg_resources has its own implementation of > environment markers > , > which isn?t consistent with any PEPs describing them. pip uses markerlib, > which does seem to implement PEP 345 correctly. The relevant difference in > this case is that pkg_resources misspells platform_python_implementation > as python_implementation, but it is not the only one. Due to the > inconsistent implementations, I don?t think there?s a way to use this > environment marker anywhere. It seems like the whole concept of environment > markers is experimental, and it would be premature to adopt them for any > packages in production. Is this the case? > > I found that when I run pip install ., the pkg_resources version is used, > and it will balk at the correct platform_python_version as invalid. > However, when I build a wheel and try to install it with pip install > ipython-...whl, the pip version is used, and it balks at pkg_resources > incorrect python_implementation. This conflict makes it impossible to use > the marker, as far as I can tell. Has anyone been able to use the python > implementation environment marker? > > I have a PR > > to setuptools to fix what seems to be some inconsistency with the PEPs > while preserving the misspelling for backward-compatibility, but it?s not > clear which metadata/env marker PEPs setuptools and/or pip are meant to > support at this point. It?s also unclear why pkg_resources has its own > implementation, instead of all participants using the shared _markerlib, > which would at least avoid inconsistency. > > Thanks, > -MinRK > ? > _______________________________________________ > Distutils-SIG maillist - Distutils-SIG at python.org > https://mail.python.org/mailman/listinfo/distutils-sig > -------------- next part -------------- An HTML attachment was scrubbed... URL: From pje at telecommunity.com Sat Sep 12 20:27:32 2015 From: pje at telecommunity.com (PJ Eby) Date: Sat, 12 Sep 2015 14:27:32 -0400 Subject: [Distutils] platform_python_implementation not implemented. In-Reply-To: References: Message-ID: On Thu, Sep 10, 2015 at 11:34 AM, Daniel Holth wrote: > That is too bad. markerlib was added to pkg_resources as _markerlib in 2012. > It is used for .dist-info metadata as present in wheel. Then, only to > implement markers to setup.py or .egg-info style metadata, pkg_resources > gains its inline markers implementation in 2013, including its own > definitions of the key/values used in environment marker comparisons. Dots > switched to underscores in revision aa74cf234684 in the inline > implementation and in revision 1fc8a2d94f9f for setuptools' vendored > _markerlib. To clarify: the Distribute fork of setuptools added _markerlib, but Distribute didn't support older version of Python as the official setuptools 0.6 did, which is why I added the inline version there. There was also active discussion at the time about changing the markers spec, as Nick was working on PEP 426. Previously, there were two other PEPs, 345 and 390, with their own not-quite compatible specs, and more recently there is now a PEP 496. So, there has never really been a stable standard for environment markers; all of the previous specs have had various ambiguities, underspecification, or excessive lenience. My hope at the time of the PEP 426 discussion was that we could define a *strict* grammar in place of a loose pseudo-grammar so that the spec would be robust to multiple implementations rather than forcing everyone to copy the quirks of one particular implementation (e.g. markerlib). Unfortunately, even PEP 496 is still a little underspecified: it doesn't even say what kinds of string literals are allowed, address encodings or character sets, etc. Is r"foo" a legal string expression? Can you use double-quotes? Backslash escaping? Adjacent string literal concatentation? But it's better than the previous versions, since the mini-language is no longer an ambiguously-defined subset of Python and thus can no longer be parsed using Python's built-in grammar, and probably not its lexer either. > I would prefer to see _markerlib._VARS used everywhere, the inline > pkg_resources implementation deleted, markerlib improved if necessary, and > no backwards compatibility with unspecified environment marker variables. My > hunch is that no one needs the backwards compatibility. It may have changed since when I added markers to the official setuptools, but I intentionally did not document the marker feature; it was experimental and added mainly to support setuptools' internal use case of including SSL backports on older Python versions to support easy_install checking SSL certs. So, anybody using it was (and perhaps is; I haven't looked lately) using an undocumented experimental feature rather than an officially supported one. In any case, if compatibility is broken, it should probably be done by switching to the much-stricter PEP 496, rather than one of its even-more-ambiguous predecessors. From qwcode at gmail.com Sun Sep 13 20:31:46 2015 From: qwcode at gmail.com (Marcus Smith) Date: Sun, 13 Sep 2015 11:31:46 -0700 Subject: [Distutils] turn down https://bitbucket.org/pypa/pypi-metadata-formats? Message-ID: I think we want to turn down https://bitbucket.org/pypa/pypi-metadata-formats? Since it's replaced by https://github.com/pypa/interoperability-peps I'm thinking we should migrate issues (and close the old ones with links to the new ones), and add a loud notification to the old readme. People are still updating and watching issues in the old tracker. It's confusing. I'm willing to help here. Marcus -------------- next part -------------- An HTML attachment was scrubbed... URL: From donald at stufft.io Sun Sep 13 20:32:38 2015 From: donald at stufft.io (Donald Stufft) Date: Sun, 13 Sep 2015 14:32:38 -0400 Subject: [Distutils] turn down https://bitbucket.org/pypa/pypi-metadata-formats? In-Reply-To: References: Message-ID: +1 On September 13, 2015 at 2:32:08 PM, Marcus Smith (qwcode at gmail.com) wrote: > I think we want to turn down > https://bitbucket.org/pypa/pypi-metadata-formats? > > Since it's replaced by https://github.com/pypa/interoperability-peps > > I'm thinking we should migrate issues (and close the old ones with links to > the new ones), and add a loud notification to the old readme. People are > still updating and watching issues in the old tracker. > > It's confusing. I'm willing to help here. > > Marcus > _______________________________________________ > Distutils-SIG maillist - Distutils-SIG at python.org > https://mail.python.org/mailman/listinfo/distutils-sig > ----------------- Donald Stufft PGP: 0x6E3CBCE93372DCFA // 7C6B 7C5D 5E2B 6356 A926 F04F 6E3C BCE9 3372 DCFA From ncoghlan at gmail.com Mon Sep 14 08:07:54 2015 From: ncoghlan at gmail.com (Nick Coghlan) Date: Mon, 14 Sep 2015 16:07:54 +1000 Subject: [Distutils] turn down https://bitbucket.org/pypa/pypi-metadata-formats? In-Reply-To: References: Message-ID: On 14 September 2015 at 04:31, Marcus Smith wrote: > I think we want to turn down > https://bitbucket.org/pypa/pypi-metadata-formats? > > Since it's replaced by https://github.com/pypa/interoperability-peps > > I'm thinking we should migrate issues (and close the old ones with links to > the new ones), and add a loud notification to the old readme. People are > still updating and watching issues in the old tracker. > > It's confusing. I'm willing to help here. Aye, I've been meaning to close down the old one since "interoperability-peps" was set up to also encompass PyPI API PEPs, but have never managed to block out the time needed to actually do it. Thanks for getting that process started. Regards, Nick. -- Nick Coghlan | ncoghlan at gmail.com | Brisbane, Australia From lists at florian-berger.de Mon Sep 14 10:08:32 2015 From: lists at florian-berger.de (Florian Berger) Date: Mon, 14 Sep 2015 10:08:32 +0200 Subject: [Distutils] Helping out with a support request Message-ID: <55F68080.8050405@florian-berger.de> Hi, I have recently filed a support request [1] on the Sourceforge tracker that the PyPI start page links to. (A package registered as a test from a since abandoned account is blocking registration of an actual package.) Browsing the tracker I found that it can take several months until a ticket is being dealt with. While I am perfectly happy to queue in line, I'd like to ask whether there is anything that I can do on my part to help get my package registered. Thanks, and kind regards, Florian [1] http://sourceforge.net/p/pypi/support-requests/536/ From jp at jamezpolley.com Wed Sep 16 09:47:21 2015 From: jp at jamezpolley.com (James Polley) Date: Wed, 16 Sep 2015 17:47:21 +1000 Subject: [Distutils] The future of env markers (was Re: platform_python_implementation not implemented.) Message-ID: On Sun, Sep 13, 2015 at 4:27 AM, PJ Eby wrote: > On Thu, Sep 10, 2015 at 11:34 AM, Daniel Holth wrote: > > That is too bad. markerlib was added to pkg_resources as _markerlib in > 2012. > > It is used for .dist-info metadata as present in wheel. Then, only to > > implement markers to setup.py or .egg-info style metadata, pkg_resources > > gains its inline markers implementation in 2013, including its own > > definitions of the key/values used in environment marker comparisons. > Dots > > switched to underscores in revision aa74cf234684 in the inline > > implementation and in revision 1fc8a2d94f9f for setuptools' vendored > > _markerlib. > > To clarify: the Distribute fork of setuptools added _markerlib, but > Distribute didn't support older version of Python as the official > setuptools 0.6 did, which is why I added the inline version there. > Several years later, setuptools no longer supports <2.6 (as I understand it, please correct me if I've missed something), and Jython now supports everything we need to be able to drop the inline version. > There was also active discussion at the time about changing the > markers spec, as Nick was working on PEP 426. Previously, there were > two other PEPs, 345 and 390, with their own not-quite compatible > specs, and more recently there is now a PEP 496. > I knew about 345 but 390 is new to me. *reads* Oh I see - https://www.python.org/dev/peps/pep-0390/#context-dependant-sections does describe something very similar. Thanks for that! > > So, there has never really been a stable standard for environment > markers; all of the previous specs have had various ambiguities, > underspecification, or excessive lenience. My hope at the time of the > PEP 426 discussion was that we could define a *strict* grammar in > place of a loose pseudo-grammar so that the spec would be robust to > multiple implementations rather than forcing everyone to copy the > quirks of one particular implementation (e.g. markerlib). > > Unfortunately, even PEP 496 is still a little underspecified: it > doesn't even say what kinds of string literals are allowed, address > encodings or character sets, etc. Is r"foo" a legal string > expression? I'm not sure what you mean by this. But I think my confusion is based on a point that I'll get to in a second.. Can you use double-quotes? Backslash escaping? > Adjacent string literal concatentation? But it's better than the > previous versions, since the mini-language is no longer an > ambiguously-defined subset of Python and thus can no longer be parsed > using Python's built-in grammar, and probably not its lexer either. > Actually, the draft implementation I put at [1] uses the ast module to parse the markers. At the time I wrote that I was under a misapprehension about the status of markerlib, so I hadn't read it (not even the version vendored into setuptools). After I wrote that draft I ended up looking at setuptools/_markerlib/markers.py[2] and realised that I'd written something very similar[3] Hence my confusion when reading "is r'foo' a legal string?" and so on - I hadn't even considered details like that because, although it's not longer described that way in the PEP, I'd still used the python parser for the implementation. I'm not sure what to do here; going back to defining it as a "subset of Python" seems like a backward step, but I'm struggling to see what benefit we'd get from the effort of more rigorously defining the grammar. Perhaps that's my inexperience showing though - I'm happy to take guidance from people who have been thinking about this for more than the 3 months or so since I started looking at it. [1] https://bitbucket.org/pypa/setuptools/pull-requests/141/implementation-of-pep-0496-environment [2] https://bitbucket.org/pypa/setuptools/src/121794c652a32aed899515b16227f13c2cd3d60a/_markerlib/markers.py?at=default&fileviewer=file-view-default [3] My current plan is to drop my implementation in setuptools and instead work on https://bitbucket.org/dholth/markerlib; once PEP-496 is accepted and markerlib implements it, we can rework setuptools (and pip, and anything else that needs to read markers) with the new version. > > > I would prefer to see _markerlib._VARS used everywhere, the inline > > pkg_resources implementation deleted, markerlib improved if necessary, > and > > no backwards compatibility with unspecified environment marker > variables. My > > hunch is that no one needs the backwards compatibility. > > It may have changed since when I added markers to the official > setuptools, but I intentionally did not document the marker feature; > it was experimental and added mainly to support setuptools' internal > use case of including SSL backports on older Python versions to > support easy_install checking SSL certs. So, anybody using it was > (and perhaps is; I haven't looked lately) using an undocumented > experimental feature rather than an officially supported one. > I had a small novel written here, but it was pointless. In summary, that you're correct to say that everyone using them markres an experimental feature (from PEP-426) rather than the officially documented one (in PEP-345) > > In any case, if compatibility is broken, it should probably be done by > switching to the much-stricter PEP 496, rather than one of its > even-more-ambiguous predecessors. > _______________________________________________ > Distutils-SIG maillist - Distutils-SIG at python.org > https://mail.python.org/mailman/listinfo/distutils-sig > -------------- next part -------------- An HTML attachment was scrubbed... URL: From jp at jamezpolley.com Wed Sep 16 10:24:52 2015 From: jp at jamezpolley.com (James Polley) Date: Wed, 16 Sep 2015 18:24:52 +1000 Subject: [Distutils] platform_python_implementation not implemented. In-Reply-To: References: Message-ID: So stepping back to the original question On Thu, Sep 10, 2015 at 11:11 PM, MinRK wrote: > Hello, > > I?m working on specifying dependencies for a project (IPython) that are > dependent on the Python implementation - we want to depend on a package on > CPython, but not on PyPy. I see from PEPs 345 > and 426 > and 496 > that this should be available > as platform_python_version environment marker, but when I try to use this > in setup.py, it fails, claiming this is an invalid marker (setuptools > 18.3.1). I discovered that pkg_resources has its own implementation of > environment markers > , > which isn?t consistent with any PEPs describing them. pip uses markerlib, > which does seem to implement PEP 345 correctly. The relevant difference in > this case is that pkg_resources misspells platform_python_implementation > as python_implementation, but it is not the only one. Due to the > inconsistent implementations, I don?t think there?s a way to use this > environment marker anywhere. It seems like the whole concept of environment > markers is experimental, and it would be premature to adopt them for any > packages in production. Is this the case? > Several OpenStack projects have started using markers to replace the previous hack of having separate requirements.txt files for py2 and py3. I don't think they've run into any issues, as long as the system interpreting the markers isn't relying on something crazy like the system-installed setuptools or pip, which can (on an LTS release) sometimes be very very old indeed. I'm not sure what that would mean for ipython's use-case. If you have a chance to stipulate (or document how to install recent versions of setuptools and pip you should be okay; if you need to support users on very old versions of python/pip/setuptools you might have problems. https://rbtcollins.wordpress.com/2015/07/12/bootstrapping-developer-environments-for-openstack/ has Rob Collin's suggestions on setting up a dev environment for OpenStack; he side-steps the issue of getting setuptools and pip up-to-date by just instruction the reader to install virtualenv from source and then use the source-installed version of virtualenv to create an environment that all further work can be done inside. Virtualenv bundles the latest pip and setuptools, so this is a simple way to make sure the user has a recent version of those tools, as well as a way to get away from any other outdated packages the user might have in their environment > I found that when I run pip install ., the pkg_resources version is used, > and it will balk at the correct platform_python_version as invalid. > However, when I build a wheel and try to install it with pip install > ipython-...whl, the pip version is used, and it balks at pkg_resources > incorrect python_implementation. This conflict makes it impossible to use > the marker, as far as I can tell. Has anyone been able to use the python > implementation environment marker? > Ouch. > I have a PR > > to setuptools to fix what seems to be some inconsistency with the PEPs > while preserving the misspelling for backward-compatibility, but it?s not > clear which metadata/env marker PEPs setuptools and/or pip are meant to > support at this point. It?s also unclear why pkg_resources has its own > implementation, instead of all participants using the shared _markerlib, > which would at least avoid inconsistency. > Thanks! > Thanks, > -MinRK > ? > > _______________________________________________ > Distutils-SIG maillist - Distutils-SIG at python.org > https://mail.python.org/mailman/listinfo/distutils-sig > > -------------- next part -------------- An HTML attachment was scrubbed... URL: From madewokherd at gmail.com Thu Sep 17 01:22:39 2015 From: madewokherd at gmail.com (Vincent Povirk) Date: Wed, 16 Sep 2015 18:22:39 -0500 Subject: [Distutils] The future of env markers (was Re: platform_python_implementation not implemented.) In-Reply-To: References: Message-ID: > I'm not sure what to do here; going back to defining it as a "subset of > Python" seems like a backward step, but I'm struggling to see what benefit > we'd get from the effort of more rigorously defining the grammar. It'd mean that software not written in Python could more easily work with them. From dholth at gmail.com Thu Sep 17 03:23:10 2015 From: dholth at gmail.com (Daniel Holth) Date: Thu, 17 Sep 2015 01:23:10 +0000 Subject: [Distutils] wheel 0.25.0 released with Python 3.5 support Message-ID: With Nate's help, I've released wheel 0.25.0, which includes contributions from several contributors, and most notably fixes a Python 3.5 issue. Enjoy! Daniel Holth -------------- next part -------------- An HTML attachment was scrubbed... URL: From contact at ionelmc.ro Fri Sep 18 12:46:11 2015 From: contact at ionelmc.ro (=?UTF-8?Q?Ionel_Cristian_M=C4=83rie=C8=99?=) Date: Fri, 18 Sep 2015 13:46:11 +0300 Subject: [Distutils] wheel 0.25.0 released with Python 3.5 support In-Reply-To: References: Message-ID: Hey, It's still broken on 3.5. Can you merge https://bitbucket.org/pypa/wheel/pull-requests/59/fix-multi-entrypoint-failure-on-python-3/diff and make a new release? Thanks, -- Ionel Cristian M?rie?, On Thu, Sep 17, 2015 at 4:23 AM, Daniel Holth wrote: > With Nate's help, I've released wheel 0.25.0, which includes contributions > from several contributors, and most notably fixes a Python 3.5 issue. Enjoy! > > Daniel Holth > > _______________________________________________ > Distutils-SIG maillist - Distutils-SIG at python.org > https://mail.python.org/mailman/listinfo/distutils-sig > > -------------- next part -------------- An HTML attachment was scrubbed... URL: From tleeuwenburg at gmail.com Fri Sep 18 02:15:31 2015 From: tleeuwenburg at gmail.com (Tennessee Leeuwenburg) Date: Fri, 18 Sep 2015 10:15:31 +1000 Subject: [Distutils] PEP for dependencies on libraries like BLAS Message-ID: Hi all, Sorry for the necropost :) "Life" has been happening and I wasn't monitoring the discussion of the dependency PEP for a while. I have been reviewing the discussion here. I thought I'd clear up a few things from my perspective. Regarding practical examples: https://youtu.be/Fqknoni5aX0?list=PLs4CJRBY5F1KMMpoEWMuBRvHvjBJeAJoS&t=371 Here is Lex Hider demonstrating some of the issues he faced. I don't think he ran into BLAS issues as such, but it shows how much work can be required to install some packages. At some point I should take a transcript of this and write it up as a post, and adjust the PEP to use this as a real-world motivating argument to remove argument about whether the underlying problem of external dependencies is a 'real' problem or not. I fully agree it is important to have a genuine example, and that would be a big improvement. Regarding the connection to yum/deb/conda etc, my initial thought was actually to specify package names rather than header files, but I was convinced that supplying the missing header files was ultimately more useful. This is, in part, because library names are more consistent than package names across systems. On the other hand, I was still uncertain about what happens if two libraries have the same name but different functionality, you might want to refer to the package name instead. Regarding whether this is a maintenance nightmare for authors who need to understand a complex set of deploy environments. I don't really think so. Typically, an author will have one 'primary' environment, often a Linux platform, which will tend to 'just work' because the author is working in that framework. Often, it's only a small number of dependencies that need to be declared, and it's about giving package authors a 'release valve' to manually handle exceptions where there are package issues. Regarding 'boil the ocean' -- I think that's only true when this PEP is taken to be trying to "solve all dependency interactions". In fact, it's more about letting authors handle common, known issues on specific platforms. That's my view anyway. I know if I had this for my packages, just having one or two of these declared would handle a lot of problems. -------------- next part -------------- An HTML attachment was scrubbed... URL: From reinout at vanrees.org Sun Sep 20 23:10:37 2015 From: reinout at vanrees.org (Reinout van Rees) Date: Sun, 20 Sep 2015 23:10:37 +0200 Subject: [Distutils] PEP for dependencies on libraries like BLAS In-Reply-To: References: Message-ID: Op 18-09-15 om 02:15 schreef Tennessee Leeuwenburg: > Regarding 'boil the ocean' -- I think that's only true when this PEP > is taken to be trying to "solve all dependency interactions". In fact, > it's more about letting authors handle common, known issues on > specific platforms. That's my view anyway. I know if I had this for my > packages, just having one or two of these declared would handle a lot > of problems. Perhaps a simple test case would be to get certain packages to work/build/test on travis-ci.org. I've spend quite some hours this week to get one of my own packages to build there and I didn't succeed. Well, let me rephrase that: I managed to get three packages working without any real problems, but one of them defied my efforts. It is the typical difficult usecase of a package that needs psycopg2, mapnik, matplotlib, PIL(LOW), numpy, scipy and so. I use buildout with the "syseggrecipe" that can re-use globally installed packages. I could install psycopg2 with pip by first de-activating the standard travis-ci virtualenv. With the new sudo-less infrastructure I could install matplotlib and numpy globally with an apt-get call. My memory is fuzzy right now, but I think I also installed two libraries from within buildout after installing the appropriate header files. Only mapnik failed because I couldn't install some header files and there was no wheel and other alternatives failed, too. In any case: such a mix of wheel/apt-get/compile with several tools should ideally be stripped down to just one or two methods. Reinout -- Reinout van Rees http://reinout.vanrees.org/ reinout at vanrees.org http://www.nelen-schuurmans.nl/ "Learning history by destroying artifacts is a time-honored atrocity" From torque.india at gmail.com Sun Sep 20 21:43:58 2015 From: torque.india at gmail.com (OmPs) Date: Mon, 21 Sep 2015 01:13:58 +0530 Subject: [Distutils] Fwd: error while installing using pip. In-Reply-To: References: Message-ID: Hi all, I am getting the below error while I am trying to install atfork package from pip repositories. I have done a thorough google search but am not able to find and appropriate solution for it.Installation of SSL packages and ssl package from python too do not solve the mystry. # pip install --allow-external atfork atforkCollecting atfork Could not find a version that satisfies the requirement atfork (from versions: ) Some insecure and unverifiable files were ignored (use --allow-unverified atfork to allow). No matching distribution found for atfork It says no matching distribution, but at pypi repo I am able to see it. https://pypi.python.org/pypi/atfork/0.1.2 -------------- next part -------------- An HTML attachment was scrubbed... URL: From p.f.moore at gmail.com Mon Sep 21 00:06:00 2015 From: p.f.moore at gmail.com (Paul Moore) Date: Sun, 20 Sep 2015 23:06:00 +0100 Subject: [Distutils] Fwd: error while installing using pip. In-Reply-To: References: Message-ID: On 20 September 2015 at 20:43, OmPs wrote: > It says no matching distribution, but at pypi repo I am able to see it. > > https://pypi.python.org/pypi/atfork/0.1.2 However, there are no download files available. The home page says that the project has been abandoned. Paul From jp at jamezpolley.com Mon Sep 21 00:08:46 2015 From: jp at jamezpolley.com (James Polley) Date: Mon, 21 Sep 2015 08:08:46 +1000 Subject: [Distutils] Fwd: error while installing using pip. In-Reply-To: References: Message-ID: As the message says: "Some insecure and unverifiable files were ignored (use --allow-unverified atfork to allow)." https://pypi.python.org/pypi/atfork/0.1.2 has information about the package, but there's no distribution (it's confusing, but in this context when pip says "distribution" it means "file containing the package"). So there's metadata about the package, but no distribution to download. Following the link to https://github.com/google/python-atfork reveals that the last work on this package was 6 years ago - except for an update to the README earlier this year which formally notes that work on the project has been abandoned. The setup.pylists http://code.google.com/p/python-atfork/ as the project's homepage. I'm going to guess that until recently the release artifacts may have been stored there, and they haven't been migrated to Github? I'd be thinking about not relying on this 6-year-abandoned project, but if you need it, I think you're probably going to have to install this from source - https://pip.pypa.io/en/latest/reference/pip_install/#git has information about installing directly from a git repo. On Mon, Sep 21, 2015 at 5:43 AM, OmPs wrote: > > > Hi all, > > I am getting the below error while I am trying to install atfork package > from pip repositories. I have done a thorough google search but am not able > to find and appropriate solution for it.Installation of SSL packages and > ssl package from python too do not solve the mystry. > > # pip install --allow-external atfork atforkCollecting atfork > Could not find a version that satisfies the requirement atfork (from > versions: ) > Some insecure and unverifiable files were ignored (use > --allow-unverified atfork to allow). > No matching distribution found for atfork > > > It says no matching distribution, but at pypi repo I am able to see it. > > https://pypi.python.org/pypi/atfork/0.1.2 > > > _______________________________________________ > Distutils-SIG maillist - Distutils-SIG at python.org > https://mail.python.org/mailman/listinfo/distutils-sig > > -------------- next part -------------- An HTML attachment was scrubbed... URL: From dholth at gmail.com Mon Sep 21 04:43:48 2015 From: dholth at gmail.com (Daniel Holth) Date: Mon, 21 Sep 2015 02:43:48 +0000 Subject: [Distutils] wheel 0.25.0 released with Python 3.5 support In-Reply-To: References: Message-ID: See 0.26.0 On Fri, Sep 18, 2015, 6:46 AM Ionel Cristian M?rie? wrote: > Hey, > > It's still broken on 3.5. Can you merge > https://bitbucket.org/pypa/wheel/pull-requests/59/fix-multi-entrypoint-failure-on-python-3/diff > and make a new release? > > Thanks, > -- Ionel Cristian M?rie?, > > On Thu, Sep 17, 2015 at 4:23 AM, Daniel Holth wrote: > >> With Nate's help, I've released wheel 0.25.0, which includes >> contributions from several contributors, and most notably fixes a Python >> 3.5 issue. Enjoy! >> >> Daniel Holth >> >> _______________________________________________ >> Distutils-SIG maillist - Distutils-SIG at python.org >> https://mail.python.org/mailman/listinfo/distutils-sig >> >> -------------- next part -------------- An HTML attachment was scrubbed... URL: From nate at bx.psu.edu Mon Sep 21 17:33:59 2015 From: nate at bx.psu.edu (Nate Coraor) Date: Mon, 21 Sep 2015 11:33:59 -0400 Subject: [Distutils] Working toward Linux wheel support In-Reply-To: References: Message-ID: Hi all, I think Nathaniel raised a lot of important points below and I do see the case for a "base environment" meta tag. The implementation of sniffing out those environments on a wide array of systems may be complicated, but perhaps we can, er, borrow from conda here. I do think the glibc tag is useful as well, although it may be unnecessary if there's a way to deal with the glibc version in a base environment. However, I don't think I'm qualified to make a decision on what direction to go, and I'd like to work on updating PEP 425 for improved platform tags. So, I'm hoping to kickstart the discussion again and see if we can get a consensus on what to do. One proposal - if PEP 425 were updated to indicate that the platform tag can be more than simply `distutils.util.get_platform()`, and some language as to its intent, without specifying exactly what it must be, we could separate out the exact details into the packaging documentation as Nick has suggested. --nate On Wed, Sep 9, 2015 at 7:49 PM, Nathaniel Smith wrote: > On Wed, Sep 9, 2015 at 8:06 AM, Nate Coraor wrote: > > On Tue, Sep 8, 2015 at 10:10 PM, Nathaniel Smith wrote: > >> > >> On Mon, Sep 7, 2015 at 9:02 AM, Donald Stufft wrote: > >> > On September 3, 2015 at 1:23:03 PM, Nate Coraor (nate at bx.psu.edu) > wrote: > >> >> >>> > >> >> >>> I'll create PRs for this against wheel and pip shortly. I can > also > >> >> >>> work > >> >> >>> on a PEP for the platform tag - I don't think it's going to need > to > >> >> >>> be a > >> >> >>> big one. Are there any preferences as to whether this should be a > >> >> >>> new PEP > >> >> >>> or an update to 425? > >> >> >>> > >> > > >> > Coming back to this, I'm wondering if we should include the libc > >> > implementation/version in a less generic, but still generic linux > wheel. > >> > Right > >> > now if you staticly link I think the only platform ABIs you need to > >> > worry about > >> > are libc and Python itself. Python itself is handled already but libc > is > >> > not. > >> > The only thing I've seen so far is "build on an old enough version of > >> > glibc > >> > that it handles anything sane", but not all versions of Linux even use > >> > glibc at > >> > all. > >> > >> This feels kinda half-baked to me? > >> > >> "linux" is a useful tag because it has a clear meaning: "there exists > >> a linux system somewhere that can run this, but no guarantees about > >> which one, good luck". When building a wheel it's easy to tell whether > >> this tag can be correctly applied. > > > > > > I'm not sure how it'd be possible to tell. The same meaning for a generic > > tag would be true of any wheel built, regardless of whether the wheel has > > dependencies in addition to libc. > > Sure... my point is just that "linux" is unambiguous and fills a > niche: it unambiguously says "you're on your own", and sometimes > that's the best we can hope to say. > > >> Distro-specific tags are useful because they also have a fairly clear > >> meaning: "here's a specific class of systems that can run this, so > >> long as you install enough packages to fulfill the external > >> dependencies". Again, when building a wheel it's pretty easy to tell > >> whether this tag can be correctly applied. (Of course someone could > >> screw this up, e.g. by building on a system is technically distro X > >> but has some incompatible hand-compiled libraries installed, but 99% > >> of the time we can guess correctly.) > >> > >> If we define a LSB-style base system and give it a tag, like I don't > >> know, the "Python base environment", call it "linux_pybe1_core" or > >> something, that describes what libraries are and aren't available and > >> their ABIs, and provide docs/tooling to help people explicitly create > >> such wheels and check whether they're compatible with their system, > >> then this is also useful -- we have proof that this is sufficient to > >> actually distribute arbitrary software usefully, given that multiple > >> distributors have converged on this strategy. (I've been talking to > >> some people off-list about maybe actually putting together a proposal > >> like this...) > >> > >> To me "linux_glibc_2.18" falls between the cracks though. If this > >> starts being what you get by default when you build a wheel, then > >> people will use it for wheels that are *not* statically linked, and > >> what that tag will mean is "there exists some system that can run > >> this, and that has glibc 2.18 on it, and also some other unspecified > >> stuff, good luck". Which is pretty useless -- we might as well just > >> stick with "linux" in this case. OTOH if it's something that builders > >> have to opt into, then we could document that it's only to be used for > >> wheels that are statically linked except for glibc, and make it mean > >> "*any* system which has glibc 2.18 or later on it can run this". Which > >> would be useful in some cases. > > > > > > This is a tooling issue. If wheel (the package) inspects the built .so > files > > and finds they are not dynamically linked to anything not included with > > glibc, it can apply the glibc tag. Otherwise, it'd apply the distro tag. > > There's no possibility for human error here, unless they explicitly > override > > the platform tag. > > > >> > >> But at this point it's basically a > >> version of the "defined base environment" approach, and once you've > >> gone that far you might as well take advantage of the various > >> distributors' experience about what should actually be in that > >> environment -- glibc isn't enough. > > > > While I agree that glibc isn't always enough, defining a base environment > > that may not be met by the "standard" install of popular distributions > makes > > unprivileged wheel installation much more difficult. > > Yeah, which is why my suggestion is that we steal the "base > environment" definition from the folks like Continuum and Enthought > who have already done the work of determining what is in the > "standard" install of popular distributions, and have spent years > actually distributing packages to unprivileged users :-). > > > It's also not going to > > work out of the box on older distributions that wouldn't provide whatever > > standardized mechanism is defined for a list of "base environments > currently > > provided by this system" (unless pip does the work itself at runtime to > > determine whether a base environment is met). > > Right -- which is basically what pip will have to do to figure out the > current glibc version too, right? > > Trying to guess whether the installed versions of several libraries > are really ABI compatible with what we expect is harder than trying to > guess whether the installed version of glibc alone is really ABI > compatible with what we expect, but in both cases it's basically a > heuristic (some distros could have local patches to their glibc that > break ABI, who knows) and in both cases it's basically safe to just > assume it will work (because if we stick to libraries that other > distributors are already depending on then we have years of experience > that it pretty much always works). > > > Maybe an important question: > > how many popular packages with C Extensions have dependencies in > addition to > > glibc? > > Certainly enough that the major distributors of binary packages on > Linux, like Continuum and Enthought, have decided that they need to > require more than glibc :-). > > libstdc++ is an example of one particularly common external dependency. > > To be clear: if you're talking specifically about the model where we > validate that the extensions are statically linked before we enable > the glibc tag, then I don't think it will do any harm to have it as an > option. It just seems redundant with the more general solution. > > -n > > -- > Nathaniel J. Smith -- http://vorpus.org > -------------- next part -------------- An HTML attachment was scrubbed... URL: From bill at baddogconsulting.com Tue Sep 22 00:29:22 2015 From: bill at baddogconsulting.com (Bill Deegan) Date: Mon, 21 Sep 2015 15:29:22 -0700 Subject: [Distutils] Can't re-upload package? Message-ID: Greetings, I recently uploaded version 2.4.0 of SCons. For some reason pip wasn't installing 2.4.0 but was pulling 2.3.6 so I figured I'd delete the release and re-upload. Then I get the following errors: Submitting dist/scons-2.4.0.tar.gz to https://pypi.python.org/pypi Upload failed (400): This filename has previously been used, you should use a different version. error: Upload failed (400): This filename has previously been used, you should use a different version. Do I really need to cut a whole new release (to change version #) to re-upload to pypi? -Bill -------------- next part -------------- An HTML attachment was scrubbed... URL: From contact at ionelmc.ro Tue Sep 22 00:47:14 2015 From: contact at ionelmc.ro (=?UTF-8?Q?Ionel_Cristian_M=C4=83rie=C8=99?=) Date: Tue, 22 Sep 2015 01:47:14 +0300 Subject: [Distutils] Can't re-upload package? In-Reply-To: References: Message-ID: Yes, you need to make a new release. This is enforced for security purposes (so you can't swap out code for releases that people deemed safe). If you don't want to make a patch release (1.2.X) and your change doesn't change anything functionally you could make a "post release": https://www.python.org/dev/peps/pep-0440/#post-releases Thanks, -- Ionel Cristian M?rie?, http://blog.ionelmc.ro On Tue, Sep 22, 2015 at 1:29 AM, Bill Deegan wrote: > Greetings, > > I recently uploaded version 2.4.0 of SCons. > For some reason pip wasn't installing 2.4.0 but was pulling 2.3.6 so I > figured I'd delete the release and re-upload. > > Then I get the following errors: > Submitting dist/scons-2.4.0.tar.gz to https://pypi.python.org/pypi > Upload failed (400): This filename has previously been used, you should > use a different version. > error: Upload failed (400): This filename has previously been used, you > should use a different version. > > Do I really need to cut a whole new release (to change version #) to > re-upload to pypi? > > -Bill > > _______________________________________________ > Distutils-SIG maillist - Distutils-SIG at python.org > https://mail.python.org/mailman/listinfo/distutils-sig > > -------------- next part -------------- An HTML attachment was scrubbed... URL: From robertc at robertcollins.net Tue Sep 22 02:37:29 2015 From: robertc at robertcollins.net (Robert Collins) Date: Tue, 22 Sep 2015 12:37:29 +1200 Subject: [Distutils] Did https://mail.python.org/pipermail/python-list/2008-June/467441.html get an answer? Message-ID: I'd like to be able to robustly deal with PKG-INFO and METADATA in pbr, and right now we depend on locale.getpreferredencoding()... if we could depend on utf8 or something that would be great. -Rob -- Robert Collins Distinguished Technologist HP Converged Cloud From dholth at gmail.com Tue Sep 22 03:07:15 2015 From: dholth at gmail.com (Daniel Holth) Date: Tue, 22 Sep 2015 01:07:15 +0000 Subject: [Distutils] Did https://mail.python.org/pipermail/python-list/2008-June/467441.html get an answer? In-Reply-To: References: Message-ID: It's a bug if bdist_wheel generates anything other than utf-8 METADATA. On Mon, Sep 21, 2015, 8:37 PM Robert Collins wrote: > I'd like to be able to robustly deal with PKG-INFO and METADATA in > pbr, and right now we depend on locale.getpreferredencoding()... if we > could depend on utf8 or something that would be great. > > -Rob > > -- > Robert Collins > Distinguished Technologist > HP Converged Cloud > _______________________________________________ > Distutils-SIG maillist - Distutils-SIG at python.org > https://mail.python.org/mailman/listinfo/distutils-sig > -------------- next part -------------- An HTML attachment was scrubbed... URL: From robertc at robertcollins.net Tue Sep 22 03:44:04 2015 From: robertc at robertcollins.net (Robert Collins) Date: Tue, 22 Sep 2015 13:44:04 +1200 Subject: [Distutils] Did https://mail.python.org/pipermail/python-list/2008-June/467441.html get an answer? In-Reply-To: References: Message-ID: On 22 September 2015 at 13:07, Daniel Holth wrote: > It's a bug if bdist_wheel generates anything other than utf-8 METADATA. Cool. And PKG-INFO ? -Rob -- Robert Collins Distinguished Technologist HP Converged Cloud From donald at stufft.io Thu Sep 24 18:03:36 2015 From: donald at stufft.io (Donald Stufft) Date: Thu, 24 Sep 2015 12:03:36 -0400 Subject: [Distutils] PEP 503 - Simple Repository API In-Reply-To: References: <55EAB949.6030603@egenix.com> <55EDFC0B.7000200@egenix.com> Message-ID: On September 7, 2015 at 9:38:00 PM, Donald Stufft (donald at stufft.io) wrote: > > I'm OK with adding the attribute to links, though we should still > mandate the > location. Neither pip nor setuptools will do anything with the > PGP signatures > but some other tooling might. The legacy behavior of "just try > the link" will > still work then, and if someone wants to do it more efficiently > the attribute > is there. I'm not sure it's going to be generally useful since > the signing on > PyPI doesn't really have a coherent threat model so it doesn't > really protect > against much. I?ve gone ahead and done this (see?https://hg.python.org/peps/rev/9090e66cc8c7). I?m going to go ahead and accept this PEP now. I think any further modifications are going to go too far beyond the goal of documenting the current state of the API and would require PEPs in their own right. ----------------- Donald Stufft PGP: 0x6E3CBCE93372DCFA // 7C6B 7C5D 5E2B 6356 A926 F04F 6E3C BCE9 3372 DCFA From guettliml at thomas-guettler.de Sun Sep 27 12:20:51 2015 From: guettliml at thomas-guettler.de (=?UTF-8?Q?Thomas_G=c3=bcttler?=) Date: Sun, 27 Sep 2015 12:20:51 +0200 Subject: [Distutils] README.rst vs DESCRIPTION.rst Message-ID: <5607C303.1040201@thomas-guettler.de> Zen of Python: There should be one-- and preferably only one --obvious way to do it. I would like to find a default for the description file of a python package. The sampleproject uses DESCRIPTION.rst https://github.com/pypa/sampleproject/blob/master/setup.py But I guess it is more common to use README.rst. For example django uses this file name. Any good reason to **not** use README.rst but a different name like DESCRIPTION.rst? Of course anyone can use the name he wants. I just want an agreement for the name to make life easier for newcomers. I will check this mail thread in a week or two and write a pull request to https://github.com/pypa/sampleproject/blob/master/setup.py if there is an agreement. If an agreement was found, which other documents should be updated? Regards, Thomas G?ttler -- http://www.thomas-guettler.de/ From p.f.moore at gmail.com Sun Sep 27 13:06:12 2015 From: p.f.moore at gmail.com (Paul Moore) Date: Sun, 27 Sep 2015 12:06:12 +0100 Subject: [Distutils] README.rst vs DESCRIPTION.rst In-Reply-To: <5607C303.1040201@thomas-guettler.de> References: <5607C303.1040201@thomas-guettler.de> Message-ID: On 27 September 2015 at 11:20, Thomas G?ttler wrote: > Any good reason to **not** use README.rst but a different > name like DESCRIPTION.rst? If I recall, the reason for using DESCRIPTION.rst is that README.rst is used by other tools (for example, github) and it's not immediately obvious that the same content is applicable for both cases. In practice, the sample project is not expected to be treated as definitive, so I don't think it matters that much if people use a different name. I'd rather the example uses DESCRIPTION.rst, as that way beginners don't end up confused if they find their package long_description being used in places they didn't intend. Conversely, it's relatively easy to see that if they want to use README.rst for the file, all they have to do is change the name and edit setup.py in one place. It's not a big deal either way, though (and probably not even worth the time I spent writing this email to debate about it!! :-)) Paul From guettliml at thomas-guettler.de Sun Sep 27 19:05:56 2015 From: guettliml at thomas-guettler.de (=?UTF-8?Q?Thomas_G=c3=bcttler?=) Date: Sun, 27 Sep 2015 19:05:56 +0200 Subject: [Distutils] README.rst vs DESCRIPTION.rst In-Reply-To: References: <5607C303.1040201@thomas-guettler.de> Message-ID: <560821F4.3070205@thomas-guettler.de> Am 27.09.2015 um 13:06 schrieb Paul Moore: > On 27 September 2015 at 11:20, Thomas G?ttler > wrote: >> Any good reason to **not** use README.rst but a different >> name like DESCRIPTION.rst? > > If I recall, the reason for using DESCRIPTION.rst is that README.rst > is used by other tools (for example, github) and it's not immediately > obvious that the same content is applicable for both cases. I don't see a use case to have both files. > In practice, the sample project is not expected to be treated as > definitive, so I don't think it matters that much if people use a > different name. OK, the sample project is not the definitive guide line. Where can I find the definitive guide line? > I'd rather the example uses DESCRIPTION.rst, as that > way beginners don't end up confused if they find their package > long_description being used in places they didn't intend. I am not a beginner. From time to time a try to set on beginner glasses and try to see the world with beginner eyes. I guess I am good at this. Maybe that's because I am the father of disabled child. I guess a beginner wants **one** file. And a beginner wants this file to be rendered on the frontpage if he uses github. > Conversely, > it's relatively easy to see that if they want to use README.rst for > the file, all they have to do is change the name and edit setup.py in > one place. I know. > It's not a big deal either way, though (and probably not even worth > the time I spent writing this email to debate about it!! :-)) Yes it is not a big deal. It is just one small stone laying around on the road to make python more easy for beginners. Paul, please tell me your choice: README.rst or DESCRIPTION.rst. Which one do you prefer to be used in setup.py of the example project? Regards, Thomas G?ttler -- http://www.thomas-guettler.de/ From contact at ionelmc.ro Sun Sep 27 20:18:58 2015 From: contact at ionelmc.ro (=?UTF-8?Q?Ionel_Cristian_M=C4=83rie=C8=99?=) Date: Sun, 27 Sep 2015 21:18:58 +0300 Subject: [Distutils] README.rst vs DESCRIPTION.rst In-Reply-To: <560821F4.3070205@thomas-guettler.de> References: <5607C303.1040201@thomas-guettler.de> <560821F4.3070205@thomas-guettler.de> Message-ID: On Sun, Sep 27, 2015 at 8:05 PM, Thomas G?ttler < guettliml at thomas-guettler.de> wrote: > > OK, the sample project is not the definitive guide line. > Where can I find the definitive guide line? ?I don't think there can be a "definitive guide line"?. Unlike the core language the packaging part of Python is a messy soup of different and often competing ideas, styles and tools. So you cannot have an definitive or objective guide for something that's subjective in nature. About the README vs DESCRIPTION - ask yourself, what would you use README for then? I believe that's absolutely nothing. You only need one. :-) Thanks, -- Ionel Cristian M?rie?, http://blog.ionelmc.ro -------------- next part -------------- An HTML attachment was scrubbed... URL: From p.f.moore at gmail.com Sun Sep 27 21:00:20 2015 From: p.f.moore at gmail.com (Paul Moore) Date: Sun, 27 Sep 2015 20:00:20 +0100 Subject: [Distutils] README.rst vs DESCRIPTION.rst In-Reply-To: <560821F4.3070205@thomas-guettler.de> References: <5607C303.1040201@thomas-guettler.de> <560821F4.3070205@thomas-guettler.de> Message-ID: On 27 September 2015 at 18:05, Thomas G?ttler wrote: >> In practice, the sample project is not expected to be treated as >> definitive, so I don't think it matters that much if people use a >> different name. > > OK, the sample project is not the definitive guide line. > Where can I find the definitive guide line? I think you're misunderstanding what I meant by "definitive". It's a guideline, yes. But guidelines aren't definitive (by definition) - they are for guidance, and people can use something different if they prefer. The nearest you'll find to a "definitive" answer is in the packaging user guide, which says to supply a README.rst, and a long_description argument to setup.py. It doesn't say whether the two should be required to have the same content (IMO, they shouldn't) or how you supply the data for the long_description argument. The sample project (referred to from packaging.python.org) chooses to implement long_description by reading it from a file called DESCRIPTION.rst, because that's what seemed convenient to me when I wrote it. But you're welcome to do something different if you prefer - and if you do so you'll still be in line with the guidelines in the packaging user guide (if conforming to those guidelines matters to you). > Paul, please tell me your choice: README.rst or DESCRIPTION.rst. Which > one do you prefer to be used in setup.py of the example project? I preferred DESCRIPTION.rst. That's why I created it with that name :-) Mainly because I don't believe that a project README and the package's long_description are necessarily the same thing. Now, I mostly don't care. Paul From graffatcolmingov at gmail.com Sun Sep 27 23:20:52 2015 From: graffatcolmingov at gmail.com (Ian Cordasco) Date: Sun, 27 Sep 2015 16:20:52 -0500 Subject: [Distutils] README.rst vs DESCRIPTION.rst In-Reply-To: References: <5607C303.1040201@thomas-guettler.de> <560821F4.3070205@thomas-guettler.de> Message-ID: On Sun, Sep 27, 2015 at 1:18 PM, Ionel Cristian M?rie? wrote: > > On Sun, Sep 27, 2015 at 8:05 PM, Thomas G?ttler > wrote: >> >> >> OK, the sample project is not the definitive guide line. >> Where can I find the definitive guide line? > > > I don't think there can be a "definitive guide line". Unlike the core > language the packaging part of Python is a messy soup of different and often > competing ideas, styles and tools. > > So you cannot have an definitive or objective guide for something that's > subjective in nature. > > About the README vs DESCRIPTION - ask yourself, what would you use README > for then? I believe that's absolutely nothing. You only need one. :-) I tend to disagree. Your project's long description doesn't need detailed instructions on how to start contributing, reporting bugs, etc. That should be in your README and documentation/project website. I don't think that having two separate files is a problem. You could even use the include directive from reStructuredText so that your README includes your description without duplicating the content. I haven't previously followed this guideline, but I think I'm going to start. I quite like it. From contact at ionelmc.ro Sun Sep 27 23:55:00 2015 From: contact at ionelmc.ro (=?UTF-8?Q?Ionel_Cristian_M=C4=83rie=C8=99?=) Date: Mon, 28 Sep 2015 00:55:00 +0300 Subject: [Distutils] README.rst vs DESCRIPTION.rst In-Reply-To: References: <5607C303.1040201@thomas-guettler.de> <560821F4.3070205@thomas-guettler.de> Message-ID: On Mon, Sep 28, 2015 at 12:20 AM, Ian Cordasco wrote: > Your project's long description doesn't need > detailed instructions on how to start contributing, reporting bugs, > etc. > ?What would you put in README then? For contribution/bucktracker guide CONTRIBUTING.rst/md is a better place - GitHub loves it. But who cares, no one uses GitHub nowdays :)? Thanks, -- Ionel Cristian M?rie?, http://blog.ionelmc.ro -------------- next part -------------- An HTML attachment was scrubbed... URL: From graffatcolmingov at gmail.com Mon Sep 28 00:13:08 2015 From: graffatcolmingov at gmail.com (Ian Cordasco) Date: Sun, 27 Sep 2015 17:13:08 -0500 Subject: [Distutils] README.rst vs DESCRIPTION.rst In-Reply-To: References: <5607C303.1040201@thomas-guettler.de> <560821F4.3070205@thomas-guettler.de> Message-ID: On Sun, Sep 27, 2015 at 4:55 PM, Ionel Cristian M?rie? wrote: > > On Mon, Sep 28, 2015 at 12:20 AM, Ian Cordasco > wrote: >> >> Your project's long description doesn't need >> detailed instructions on how to start contributing, reporting bugs, >> etc. > > > What would you put in README then? > > For contribution/bucktracker guide CONTRIBUTING.rst/md is a better place - > GitHub loves it. But who cares, no one uses GitHub nowdays :) Ah, the patented sarcasm that's always so helpful. The README is typically (harkening back to pre-GitHub days) where one lays out the relevant information for other developers and for users in one easy to find place. Looking for the contributing guidelines? Go read the CONTRIBUTING file. Looking for how to build the project on X operating system? Go read X file. When well designed, this can still be the front page of a project for the websites that display it as such (GitHub, BitBucket, GitLab, etc.). Take for example: https://gitlab.com/cryptsetup/cryptsetup/blob/master/README.md. It's description lives there, sure, but there's a lot more information there than that. All of that said, as Paul said, it's a guideline. Just like PEP-0008. Follow it, or don't. There's not much point in arguing this further. From setuptools at bugs.python.org Mon Sep 28 08:34:16 2015 From: setuptools at bugs.python.org (Tomas Dabasinskas) Date: Mon, 28 Sep 2015 06:34:16 +0000 Subject: [Distutils] [issue162] Setuptools fails with MemoryError when using dependency_links Message-ID: <1443422056.7.0.674192532105.issue162@psf.upfronthosting.co.za> New submission from Tomas Dabasinskas: In my setup.py I'm using dependency_links where I specify locations of packages I've built using setup.py sdist. When I run python setup.py develop to download, build and install those packages, I'm getting an error (please see attached) If I go ahead and run: (pantheon)[tomas at tomo-laptop pantheon-frontend-0.2]$ python setup.py -q bdist_egg --dist-dir /tmp/easy_install-cRdc3D/pantheon-frontend-0.2/egg-dist-tmp-hIIz0x it works fine... I've tried updating setuptools, but it's still the same $ pip install setuptools --upgrade Collecting setuptools Using cached setuptools-18.3.2-py2.py3-none-any.whl Installing collected packages: setuptools Found existing installation: setuptools 12.0.5 Uninstalling setuptools-12.0.5: Successfully uninstalled setuptools-12.0.5 Successfully installed setuptools-18.3.2 ---------- files: log messages: 750 nosy: tomas priority: bug status: unread title: Setuptools fails with MemoryError when using dependency_links Added file: http://bugs.python.org/setuptools/file175/log _______________________________________________ Setuptools tracker _______________________________________________ -------------- next part -------------- A non-text attachment was scrubbed... Name: log Type: application/octet-stream Size: 8090 bytes Desc: not available URL: From chris.barker at noaa.gov Mon Sep 28 17:18:56 2015 From: chris.barker at noaa.gov (Chris Barker - NOAA Federal) Date: Mon, 28 Sep 2015 08:18:56 -0700 Subject: [Distutils] README.rst vs DESCRIPTION.rst In-Reply-To: References: <5607C303.1040201@thomas-guettler.de> <560821F4.3070205@thomas-guettler.de> Message-ID: <-5734823428505321770@unknownmsgid> Sent from my iPhone On Sep 27, 2015, at 11:19 AM, Ionel Cristian M?rie? wrote: On Sun, Sep 27, 2015 at 8:05 PM, Thomas G?ttler ?I don't think there can be a "definitive guide line"?. Unlike the core language the packaging part of Python is a messy soup of different and often competing ideas, styles and tools. Which is EXACTLY why there should be one set of best-practices recommendations that are the same in all the "official" docs. I think one Readme.rst is the way to go. If you want to provide contribution guidelines, etc. they should be in a separate locations, referenced by the Readme. -Chris So you cannot have an definitive or objective guide for something that's subjective in nature. About the README vs DESCRIPTION - ask yourself, what would you use README for then? I believe that's absolutely nothing. You only need one. :-) Thanks, -- Ionel Cristian M?rie?, http://blog.ionelmc.ro _______________________________________________ Distutils-SIG maillist - Distutils-SIG at python.org https://mail.python.org/mailman/listinfo/distutils-sig -------------- next part -------------- An HTML attachment was scrubbed... URL: From qwcode at gmail.com Mon Sep 28 18:47:17 2015 From: qwcode at gmail.com (Marcus Smith) Date: Mon, 28 Sep 2015 09:47:17 -0700 Subject: [Distutils] README.rst vs DESCRIPTION.rst In-Reply-To: <-5734823428505321770@unknownmsgid> References: <5607C303.1040201@thomas-guettler.de> <560821F4.3070205@thomas-guettler.de> <-5734823428505321770@unknownmsgid> Message-ID: although I can see the value of distinguishing a description vs readme file, I can also see that it's confusing enough to make me want the sample project to just have a readme for simplicity (and maybe just mention the distinction as a possibility) I opened an issue here https://github.com/pypa/sampleproject/issues/31 I'd inclined to merge the change if someone posted a PR, or eventually get to it myself On Mon, Sep 28, 2015 at 8:18 AM, Chris Barker - NOAA Federal < chris.barker at noaa.gov> wrote: > > > Sent from my iPhone > > On Sep 27, 2015, at 11:19 AM, Ionel Cristian M?rie? > wrote: > > > On Sun, Sep 27, 2015 at 8:05 PM, Thomas G?ttler < > guettliml at thomas-guettler. > ?I don't think there can be a "definitive guide line"?. Unlike the core > language the packaging part of Python is a messy soup of different and > often competing ideas, styles and tools. > > > Which is EXACTLY why there should be one set of best-practices > recommendations that are the same in all the "official" docs. > > I think one Readme.rst is the way to go. > > If you want to provide contribution guidelines, etc. they should be in a > separate locations, referenced by the Readme. > > -Chris > > > > So you cannot have an definitive or objective guide for something that's > subjective in nature. > > About the README vs DESCRIPTION - ask yourself, what would you use README > for then? I believe that's absolutely nothing. You only need one. :-) > > > > Thanks, > -- Ionel Cristian M?rie?, http://blog.ionelmc.ro > > _______________________________________________ > Distutils-SIG maillist - Distutils-SIG at python.org > https://mail.python.org/mailman/listinfo/distutils-sig > > > _______________________________________________ > Distutils-SIG maillist - Distutils-SIG at python.org > https://mail.python.org/mailman/listinfo/distutils-sig > > -------------- next part -------------- An HTML attachment was scrubbed... URL: From mikeodriscoll at gmail.com Mon Sep 28 17:31:57 2015 From: mikeodriscoll at gmail.com (Mike O'Driscoll) Date: Mon, 28 Sep 2015 11:31:57 -0400 Subject: [Distutils] Unable to login to PyPi Message-ID: Hello, I have been unable to login to the PyPi site for nearly a month now via OpenID (launchpad). I have the following ticket open but have gotten no traction: https://bitbucket.org/pypa/pypi/issues/333/unable-to-login-via-openid Any support would be appreciated. Thanks, -- Mike O'Driscoll -------------- next part -------------- An HTML attachment was scrubbed... URL: From matt at notevencode.com Mon Sep 28 20:19:09 2015 From: matt at notevencode.com (Matthew Iversen) Date: Tue, 29 Sep 2015 04:19:09 +1000 Subject: [Distutils] README.rst vs DESCRIPTION.rst In-Reply-To: <5607C303.1040201@thomas-guettler.de> References: <5607C303.1040201@thomas-guettler.de> Message-ID: <5609849D.3050006@notevencode.com> What it is `long_description` is generally, most applicably, what gets put on the project's pypi page. Sometimes this is exactly the same thing as what you want on your project's general "read me" text, sometimes not. For example, the two are different for flask, virtualenv, setuptools, sopel, numpy But as for django there are also many examples where the two are the same - pip, tornado, etc, etc. I have trouble finding an objective reasoning that one method is to be objectively preferred over the other. I think it can vary a lot given the size and scale of the project, its nature, application vs library, etc. Sometimes someone might prefer their README as a plain txt file, or maybe in markdown. However a `long_description` is always parsed as rst, at least for the present. So there is at least one possible reason. It's possible maybe the text in DESCRIPTION.rst could be changed to indicate the possibilities better. We always want to balance this with keeping `sampleproject` as simple as possible to make it practical and immediately useful, rather than overly technical. Cheers, Matt Matt Iversen // matt at notevencode.com PGP: 0xc046e8a874522973 // 2F04 3DCC D6E6 D5AC D262 2E0B C046 E8A8 7452 2973 On 27/09/2015 8:20 PM, Thomas G?ttler wrote: > Zen of Python: > > There should be one-- and preferably only one --obvious way to do it. > > I would like to find a default for the description file of a python package. > > The sampleproject uses DESCRIPTION.rst > https://github.com/pypa/sampleproject/blob/master/setup.py > > But I guess it is more common to use README.rst. > For example django uses this file name. > > Any good reason to **not** use README.rst but a different > name like DESCRIPTION.rst? > > Of course anyone can use the name he wants. I just want an agreement > for the name to make life easier for newcomers. > > I will check this mail thread in a week or two and write > a pull request to https://github.com/pypa/sampleproject/blob/master/setup.py > if there is an agreement. > > If an agreement was found, which other documents should be updated? > > Regards, > Thomas G?ttler > > > > > -------------- next part -------------- A non-text attachment was scrubbed... Name: signature.asc Type: application/pgp-signature Size: 819 bytes Desc: OpenPGP digital signature URL: From richard at python.org Tue Sep 29 02:02:35 2015 From: richard at python.org (Richard Jones) Date: Tue, 29 Sep 2015 10:02:35 +1000 Subject: [Distutils] Unable to login to PyPi In-Reply-To: References: Message-ID: Hi Mike, Sorry, but this is a known problem that no-one has time to investigate or fix. Richard On 29 September 2015 at 01:31, Mike O'Driscoll wrote: > Hello, > > I have been unable to login to the PyPi site for nearly a month now via > OpenID (launchpad). > > I have the following ticket open but have gotten no traction: > https://bitbucket.org/pypa/pypi/issues/333/unable-to-login-via-openid > > Any support would be appreciated. > > Thanks, > > -- > Mike O'Driscoll > > > _______________________________________________ > Distutils-SIG maillist - Distutils-SIG at python.org > https://mail.python.org/mailman/listinfo/distutils-sig > > -------------- next part -------------- An HTML attachment was scrubbed... URL: From glyph at twistedmatrix.com Tue Sep 29 04:57:30 2015 From: glyph at twistedmatrix.com (Glyph Lefkowitz) Date: Mon, 28 Sep 2015 16:57:30 -1000 Subject: [Distutils] Unable to login to PyPi In-Reply-To: References: Message-ID: <3EE33787-304A-4A70-88F9-07B3F75DA401@twistedmatrix.com> Mike, do you have another way to authenticate to the site, or are you locked out until OpenID works again? -g > On Sep 28, 2015, at 14:02, Richard Jones wrote: > > Hi Mike, > > Sorry, but this is a known problem that no-one has time to investigate or fix. > > > Richard > > On 29 September 2015 at 01:31, Mike O'Driscoll > wrote: > Hello, > > I have been unable to login to the PyPi site for nearly a month now via OpenID (launchpad). > > I have the following ticket open but have gotten no traction: > https://bitbucket.org/pypa/pypi/issues/333/unable-to-login-via-openid > > Any support would be appreciated. > > Thanks, > > -- > Mike O'Driscoll > > > _______________________________________________ > Distutils-SIG maillist - Distutils-SIG at python.org > https://mail.python.org/mailman/listinfo/distutils-sig > > > _______________________________________________ > Distutils-SIG maillist - Distutils-SIG at python.org > https://mail.python.org/mailman/listinfo/distutils-sig -------------- next part -------------- An HTML attachment was scrubbed... URL: From mikeodriscoll at gmail.com Tue Sep 29 15:09:45 2015 From: mikeodriscoll at gmail.com (Mike O'Driscoll) Date: Tue, 29 Sep 2015 09:09:45 -0400 Subject: [Distutils] Unable to login to PyPi In-Reply-To: <3EE33787-304A-4A70-88F9-07B3F75DA401@twistedmatrix.com> References: <3EE33787-304A-4A70-88F9-07B3F75DA401@twistedmatrix.com> Message-ID: I'm completely locked out. If there is/was a way to add pure username password I'll do that when I can get back in. -- Mike O'Driscoll On Mon, Sep 28, 2015 at 10:57 PM, Glyph Lefkowitz wrote: > Mike, do you have another way to authenticate to the site, or are you > locked out until OpenID works again? > > -g > > On Sep 28, 2015, at 14:02, Richard Jones wrote: > > Hi Mike, > > Sorry, but this is a known problem that no-one has time to investigate or > fix. > > > Richard > > On 29 September 2015 at 01:31, Mike O'Driscoll > wrote: > >> Hello, >> >> I have been unable to login to the PyPi site for nearly a month now via >> OpenID (launchpad). >> >> I have the following ticket open but have gotten no traction: >> https://bitbucket.org/pypa/pypi/issues/333/unable-to-login-via-openid >> >> Any support would be appreciated. >> >> Thanks, >> >> -- >> Mike O'Driscoll >> >> >> _______________________________________________ >> Distutils-SIG maillist - Distutils-SIG at python.org >> https://mail.python.org/mailman/listinfo/distutils-sig >> >> > _______________________________________________ > Distutils-SIG maillist - Distutils-SIG at python.org > https://mail.python.org/mailman/listinfo/distutils-sig > > > -------------- next part -------------- An HTML attachment was scrubbed... URL: From chris.barker at noaa.gov Tue Sep 29 18:29:19 2015 From: chris.barker at noaa.gov (Chris Barker) Date: Tue, 29 Sep 2015 09:29:19 -0700 Subject: [Distutils] README.rst vs DESCRIPTION.rst In-Reply-To: <5609849D.3050006@notevencode.com> References: <5607C303.1040201@thomas-guettler.de> <5609849D.3050006@notevencode.com> Message-ID: On Mon, Sep 28, 2015 at 11:19 AM, Matthew Iversen wrote: > For example, the two are different for flask, virtualenv, setuptools, > sopel, numpy > these are some pretty significant, complex packages. I have trouble finding an objective reasoning that one method is to be > objectively preferred over the other. > No one is suggesting reducing flexibility here. The topic under discussion is what should be recommended and demonstrated for newbies, and the simplest reasonable thing to do there the better - one Readme.rst seems the obvious answer for that. We always want to balance this with keeping `sampleproject` as simple as > possible to make it practical and > immediately useful, rather than overly technical. > Exactly. -CHB -- Christopher Barker, Ph.D. Oceanographer Emergency Response Division NOAA/NOS/OR&R (206) 526-6959 voice 7600 Sand Point Way NE (206) 526-6329 fax Seattle, WA 98115 (206) 526-6317 main reception Chris.Barker at noaa.gov -------------- next part -------------- An HTML attachment was scrubbed... URL: From mikeodriscoll at gmail.com Tue Sep 29 20:33:33 2015 From: mikeodriscoll at gmail.com (Mike O'Driscoll) Date: Tue, 29 Sep 2015 14:33:33 -0400 Subject: [Distutils] Unable to login to PyPi In-Reply-To: References: <3EE33787-304A-4A70-88F9-07B3F75DA401@twistedmatrix.com> Message-ID: Would someone be able to point me to the correct package/developer bring up/testing instructions. Should I find extra cycles I could potentially investigate a fix. -- Mike O'Driscoll On Tue, Sep 29, 2015 at 9:09 AM, Mike O'Driscoll wrote: > I'm completely locked out. > > If there is/was a way to add pure username password I'll do that when I > can get back in. > > > -- > Mike O'Driscoll > > On Mon, Sep 28, 2015 at 10:57 PM, Glyph Lefkowitz > wrote: > >> Mike, do you have another way to authenticate to the site, or are you >> locked out until OpenID works again? >> >> -g >> >> On Sep 28, 2015, at 14:02, Richard Jones wrote: >> >> Hi Mike, >> >> Sorry, but this is a known problem that no-one has time to investigate or >> fix. >> >> >> Richard >> >> On 29 September 2015 at 01:31, Mike O'Driscoll >> wrote: >> >>> Hello, >>> >>> I have been unable to login to the PyPi site for nearly a month now via >>> OpenID (launchpad). >>> >>> I have the following ticket open but have gotten no traction: >>> https://bitbucket.org/pypa/pypi/issues/333/unable-to-login-via-openid >>> >>> Any support would be appreciated. >>> >>> Thanks, >>> >>> -- >>> Mike O'Driscoll >>> >>> >>> _______________________________________________ >>> Distutils-SIG maillist - Distutils-SIG at python.org >>> https://mail.python.org/mailman/listinfo/distutils-sig >>> >>> >> _______________________________________________ >> Distutils-SIG maillist - Distutils-SIG at python.org >> https://mail.python.org/mailman/listinfo/distutils-sig >> >> >> > -------------- next part -------------- An HTML attachment was scrubbed... URL: From glyph at twistedmatrix.com Tue Sep 29 21:54:01 2015 From: glyph at twistedmatrix.com (Glyph Lefkowitz) Date: Tue, 29 Sep 2015 09:54:01 -1000 Subject: [Distutils] Unable to login to PyPi In-Reply-To: References: <3EE33787-304A-4A70-88F9-07B3F75DA401@twistedmatrix.com> Message-ID: If nobody has time to fix the code for OpenID, is there at least an admin with privileges to associate passwords with people's accounts? -glyph > On Sep 29, 2015, at 03:09, Mike O'Driscoll wrote: > > I'm completely locked out. > > If there is/was a way to add pure username password I'll do that when I can get back in. > > > -- > Mike O'Driscoll > > On Mon, Sep 28, 2015 at 10:57 PM, Glyph Lefkowitz > wrote: > Mike, do you have another way to authenticate to the site, or are you locked out until OpenID works again? > > -g > >> On Sep 28, 2015, at 14:02, Richard Jones > wrote: >> >> Hi Mike, >> >> Sorry, but this is a known problem that no-one has time to investigate or fix. >> >> >> Richard >> >> On 29 September 2015 at 01:31, Mike O'Driscoll > wrote: >> Hello, >> >> I have been unable to login to the PyPi site for nearly a month now via OpenID (launchpad). >> >> I have the following ticket open but have gotten no traction: >> https://bitbucket.org/pypa/pypi/issues/333/unable-to-login-via-openid >> >> Any support would be appreciated. >> >> Thanks, >> >> -- >> Mike O'Driscoll >> >> >> _______________________________________________ >> Distutils-SIG maillist - Distutils-SIG at python.org >> https://mail.python.org/mailman/listinfo/distutils-sig >> >> >> _______________________________________________ >> Distutils-SIG maillist - Distutils-SIG at python.org >> https://mail.python.org/mailman/listinfo/distutils-sig > > -------------- next part -------------- An HTML attachment was scrubbed... URL: From wolfgang.maier at biologie.uni-freiburg.de Tue Sep 29 22:47:47 2015 From: wolfgang.maier at biologie.uni-freiburg.de (Wolfgang Maier) Date: Tue, 29 Sep 2015 20:47:47 +0000 (UTC) Subject: [Distutils] No Python 3.5 option for Python version on files upload form Message-ID: You still cannot select Python 3.5 as the Python Version for wheels and other files uploaded to pypi over the web interface (see pypi issue #341). From brett at python.org Wed Sep 30 18:32:27 2015 From: brett at python.org (Brett Cannon) Date: Wed, 30 Sep 2015 16:32:27 +0000 Subject: [Distutils] Unable to login to PyPi In-Reply-To: References: <3EE33787-304A-4A70-88F9-07B3F75DA401@twistedmatrix.com> Message-ID: On Tue, 29 Sep 2015 at 11:34 Mike O'Driscoll wrote: > Would someone be able to point me to the correct package/developer bring > up/testing instructions. > > Should I find extra cycles I could potentially investigate a fix. > > I think these might be the instructions you're looking for: https://wiki.python.org/moin/CheeseShopDev -Brett > > -- > Mike O'Driscoll > > On Tue, Sep 29, 2015 at 9:09 AM, Mike O'Driscoll > wrote: > >> I'm completely locked out. >> >> If there is/was a way to add pure username password I'll do that when I >> can get back in. >> >> >> -- >> Mike O'Driscoll >> >> On Mon, Sep 28, 2015 at 10:57 PM, Glyph Lefkowitz < >> glyph at twistedmatrix.com> wrote: >> >>> Mike, do you have another way to authenticate to the site, or are you >>> locked out until OpenID works again? >>> >>> -g >>> >>> On Sep 28, 2015, at 14:02, Richard Jones wrote: >>> >>> Hi Mike, >>> >>> Sorry, but this is a known problem that no-one has time to investigate >>> or fix. >>> >>> >>> Richard >>> >>> On 29 September 2015 at 01:31, Mike O'Driscoll >>> wrote: >>> >>>> Hello, >>>> >>>> I have been unable to login to the PyPi site for nearly a month now via >>>> OpenID (launchpad). >>>> >>>> I have the following ticket open but have gotten no traction: >>>> https://bitbucket.org/pypa/pypi/issues/333/unable-to-login-via-openid >>>> >>>> Any support would be appreciated. >>>> >>>> Thanks, >>>> >>>> -- >>>> Mike O'Driscoll >>>> >>>> >>>> _______________________________________________ >>>> Distutils-SIG maillist - Distutils-SIG at python.org >>>> https://mail.python.org/mailman/listinfo/distutils-sig >>>> >>>> >>> _______________________________________________ >>> Distutils-SIG maillist - Distutils-SIG at python.org >>> https://mail.python.org/mailman/listinfo/distutils-sig >>> >>> >>> >> > _______________________________________________ > Distutils-SIG maillist - Distutils-SIG at python.org > https://mail.python.org/mailman/listinfo/distutils-sig > -------------- next part -------------- An HTML attachment was scrubbed... URL: From wes.turner at gmail.com Wed Sep 30 19:14:55 2015 From: wes.turner at gmail.com (Wes Turner) Date: Wed, 30 Sep 2015 12:14:55 -0500 Subject: [Distutils] Unable to login to PyPi In-Reply-To: References: <3EE33787-304A-4A70-88F9-07B3F75DA401@twistedmatrix.com> Message-ID: On Sep 30, 2015 11:33 AM, "Brett Cannon" wrote: > > > > On Tue, 29 Sep 2015 at 11:34 Mike O'Driscoll wrote: >> >> Would someone be able to point me to the correct package/developer bring up/testing instructions. >> >> Should I find extra cycles I could potentially investigate a fix. https://github.com/omab/python-social-auth/blob/master/README.rst#auth-providers lists "Launchpad Openid" https://github.com/omab/python-social-auth/tree/master/social/tests/backends * [ ] test_launchpad.py >> > > I think these might be the instructions you're looking for: https://wiki.python.org/moin/CheeseShopDev > > -Brett > >> >> >> -- >> Mike O'Driscoll >> >> On Tue, Sep 29, 2015 at 9:09 AM, Mike O'Driscoll wrote: >>> >>> I'm completely locked out. >>> >>> If there is/was a way to add pure username password I'll do that when I can get back in. >>> >>> >>> -- >>> Mike O'Driscoll >>> >>> On Mon, Sep 28, 2015 at 10:57 PM, Glyph Lefkowitz < glyph at twistedmatrix.com> wrote: >>>> >>>> Mike, do you have another way to authenticate to the site, or are you locked out until OpenID works again? >>>> >>>> -g >>>> >>>>> On Sep 28, 2015, at 14:02, Richard Jones wrote: >>>>> >>>>> Hi Mike, >>>>> >>>>> Sorry, but this is a known problem that no-one has time to investigate or fix. >>>>> >>>>> >>>>> Richard >>>>> >>>>> On 29 September 2015 at 01:31, Mike O'Driscoll < mikeodriscoll at gmail.com> wrote: >>>>>> >>>>>> Hello, >>>>>> >>>>>> I have been unable to login to the PyPi site for nearly a month now via OpenID (launchpad). >>>>>> >>>>>> I have the following ticket open but have gotten no traction: >>>>>> https://bitbucket.org/pypa/pypi/issues/333/unable-to-login-via-openid >>>>>> >>>>>> Any support would be appreciated. >>>>>> >>>>>> Thanks, >>>>>> >>>>>> -- >>>>>> Mike O'Driscoll >>>>>> >>>>>> >>>>>> _______________________________________________ >>>>>> Distutils-SIG maillist - Distutils-SIG at python.org >>>>>> https://mail.python.org/mailman/listinfo/distutils-sig >>>>>> >>>>> >>>>> _______________________________________________ >>>>> Distutils-SIG maillist - Distutils-SIG at python.org >>>>> https://mail.python.org/mailman/listinfo/distutils-sig >>>> >>>> >>> >> >> _______________________________________________ >> Distutils-SIG maillist - Distutils-SIG at python.org >> https://mail.python.org/mailman/listinfo/distutils-sig > > > _______________________________________________ > Distutils-SIG maillist - Distutils-SIG at python.org > https://mail.python.org/mailman/listinfo/distutils-sig > -------------- next part -------------- An HTML attachment was scrubbed... URL: From mikeodriscoll at gmail.com Wed Sep 30 19:28:17 2015 From: mikeodriscoll at gmail.com (Mike O'Driscoll) Date: Wed, 30 Sep 2015 13:28:17 -0400 Subject: [Distutils] Unable to login to PyPi In-Reply-To: References: <3EE33787-304A-4A70-88F9-07B3F75DA401@twistedmatrix.com> Message-ID: Thanks Wes + Brett, Should I find extra cycles outside my day job I could take a peak. Please don't wait on me should someone else beat me to it. Cheers, -- Mike O'Driscoll On Wed, Sep 30, 2015 at 1:14 PM, Wes Turner wrote: > > On Sep 30, 2015 11:33 AM, "Brett Cannon" wrote: > > > > > > > > On Tue, 29 Sep 2015 at 11:34 Mike O'Driscoll > wrote: > >> > >> Would someone be able to point me to the correct package/developer > bring up/testing instructions. > >> > >> Should I find extra cycles I could potentially investigate a fix. > > > https://github.com/omab/python-social-auth/blob/master/README.rst#auth-providers > lists "Launchpad Openid" > > > https://github.com/omab/python-social-auth/tree/master/social/tests/backends > > * [ ] test_launchpad.py > > >> > > > > I think these might be the instructions you're looking for: > https://wiki.python.org/moin/CheeseShopDev > > > > -Brett > > > >> > >> > >> -- > >> Mike O'Driscoll > >> > >> On Tue, Sep 29, 2015 at 9:09 AM, Mike O'Driscoll < > mikeodriscoll at gmail.com> wrote: > >>> > >>> I'm completely locked out. > >>> > >>> If there is/was a way to add pure username password I'll do that when > I can get back in. > >>> > >>> > >>> -- > >>> Mike O'Driscoll > >>> > >>> On Mon, Sep 28, 2015 at 10:57 PM, Glyph Lefkowitz < > glyph at twistedmatrix.com> wrote: > >>>> > >>>> Mike, do you have another way to authenticate to the site, or are you > locked out until OpenID works again? > >>>> > >>>> -g > >>>> > >>>>> On Sep 28, 2015, at 14:02, Richard Jones wrote: > >>>>> > >>>>> Hi Mike, > >>>>> > >>>>> Sorry, but this is a known problem that no-one has time to > investigate or fix. > >>>>> > >>>>> > >>>>> Richard > >>>>> > >>>>> On 29 September 2015 at 01:31, Mike O'Driscoll < > mikeodriscoll at gmail.com> wrote: > >>>>>> > >>>>>> Hello, > >>>>>> > >>>>>> I have been unable to login to the PyPi site for nearly a month now > via OpenID (launchpad). > >>>>>> > >>>>>> I have the following ticket open but have gotten no traction: > >>>>>> > https://bitbucket.org/pypa/pypi/issues/333/unable-to-login-via-openid > >>>>>> > >>>>>> Any support would be appreciated. > >>>>>> > >>>>>> Thanks, > >>>>>> > >>>>>> -- > >>>>>> Mike O'Driscoll > >>>>>> > >>>>>> > >>>>>> _______________________________________________ > >>>>>> Distutils-SIG maillist - Distutils-SIG at python.org > >>>>>> https://mail.python.org/mailman/listinfo/distutils-sig > >>>>>> > >>>>> > >>>>> _______________________________________________ > >>>>> Distutils-SIG maillist - Distutils-SIG at python.org > >>>>> https://mail.python.org/mailman/listinfo/distutils-sig > >>>> > >>>> > >>> > >> > >> _______________________________________________ > >> Distutils-SIG maillist - Distutils-SIG at python.org > >> https://mail.python.org/mailman/listinfo/distutils-sig > > > > > > _______________________________________________ > > Distutils-SIG maillist - Distutils-SIG at python.org > > https://mail.python.org/mailman/listinfo/distutils-sig > > > -------------- next part -------------- An HTML attachment was scrubbed... URL: From christopher.hogan at intel.com Wed Sep 30 21:17:58 2015 From: christopher.hogan at intel.com (Hogan, Christopher) Date: Wed, 30 Sep 2015 19:17:58 +0000 Subject: [Distutils] intelcompiler class in distutils Message-ID: <18A68EC651142A408A0A6AFDE7D1FC895C184A@ORSMSX103.amr.corp.intel.com> Hello, We noticed there are classes in distutils for specific compilers like Borland, Cygwin, MSVC, etc., and are interested in creating a class for the Intel compiler. Is this something that the python developers/community would like to see, or would such a patch have a low chance for acceptance? Chris Hogan Scripting Tools Engineer Scripting, Analyzers and Tools Intel Corporation -------------- next part -------------- An HTML attachment was scrubbed... URL: